Nation-state attackers most often want to impact critical infrastructure and supply chains, exfiltrate data from critical systems, or simply take OT systems offline
In today’s interconnected world, the significance of Operational Technology (OT) systems cannot be overstated. These systems, which underpin critical infrastructure, manufacturing and transportation, have become increasingly woven into our daily lives. As their prominence grows, so does their exposure to cyber threats. What is particularly worrying, according to recent research, is that many attacks on OT were found to be nation-state sponsored, and that internal personnel indirectly enabled them about one-third of the time. Surprising as that may be, it is not illogical: nation-state attackers most often want to impact critical infrastructure and supply chains, exfiltrate data from critical systems, or simply take OT systems offline.
The Blurring Lines between Digital and Physical Infrastructure
Whether an organisation bakes cookies or manufactures cars, the integration of OT and Industrial Control Systems (ICS) into enterprise IT networks is now a reality. This integration has converged digital and physical infrastructure, making the boundary between the two increasingly blurred. As more assets are added to these networks, the attack surface expands, posing significant challenges for organisations. The primary challenge is protecting both physical and virtual assets while maintaining high operational availability.
Recent research initiated by Rockwell Automation and carried out by the Cyentia Institute found that critical infrastructure verticals appear among the top five most targeted industries, with several more in the top ten. Attacks are most intensely focused on the energy sector, which is targeted roughly three times as often as the next most frequently attacked vertical. Most attacks on OT/ICS aim to disrupt operations, using a variety of tools and techniques: phishing, ransomware, lateral tool transfer and exploitation of remote services, among others.
A Comprehensive Study on OT Cybersecurity Incidents
A recent report delved deep into the anatomy of OT cybersecurity incidents, providing valuable insight into the nature and extent of these threats. The study, commissioned by Rockwell Automation and executed by the Cyentia Institute, analysed 122 OT/ICS incidents spanning five continents, with events from North America, Europe, the Middle East, Asia and Africa.
Cyentia, an analyst firm specialising in cybersecurity research, drew its data from Advisen’s Cybersecurity Loss Database. This database, recognised as the largest of its kind, holds a wealth of information on publicly known security incidents; each incident can comprise up to 1,000 individual data points, offering a comprehensive view of the cybersecurity landscape.
From that database, Cyentia reviewed the subset of events involving compromised OT/ICS and built several models to examine relationships within the data.
Key Findings and Insights
The research highlighted several crucial points:
- Cybersecurity challenges are universal: the threats are not confined to the industrial sector. Gartner predicts that by 2025, 45% of organisations worldwide will have experienced attacks on their software supply chains, a three-fold increase from 2021. In 2022 alone, U.S. organisations reported 1,802 data breaches affecting more than 400 million individuals.
- Adoption of new processes: the industrial sector’s intricate technological infrastructure often makes it slower to adopt new tools and processes. That lag is exactly why insights from past OT cybersecurity incidents matter: they make the case for proactive protection.
- Criteria for inclusion: the study applied stringent inclusion criteria. Incidents that did not directly compromise OT/ICS, impact OT/ICS operations, or expose sensitive OT/ICS information were excluded. Of the 147 incidents initially identified, 25 were removed, leaving 122 events spanning 1982 to 2022 for analysis.
- 60% of the OT/ICS incidents analysed resulted in operational disruption, while 40% resulted in unauthorised access or data exposure.
- In more than half of OT/ICS incidents, SCADA systems were targeted, with Programmable Logic Controllers (PLCs) the next most common target. PLCs are ruggedised industrial computers used to control electro-mechanical processes; because they sit directly on the process, tampering with their logic or I/O translates into physical effect. CISA and the NSA have warned about PLC targeting in an OT cybersecurity advisory.
- The wider supply chain was also affected in roughly 65% of incidents. In one case, a Japanese auto manufacturer suspended operations on 28 production lines across 14 plants for at least a day after a key supply chain partner, a manufacturer of plastic parts and electronic components, was hit by a suspected cyberattack.
The primary aim of the study was to offer actionable insight into real-world OT/ICS cybersecurity incidents. By understanding the nature of the threats, organisations can prioritise the protection of OT systems, invest in appropriate cybersecurity controls, and raise awareness among industry leaders. The hope is that these insights will equip defenders with the knowledge they need to bolster their defences in an ever-evolving threat landscape.