A new global survey offers valuable insight for OT security leaders. The 2022 State of Operational Technology and Cybersecurity Report released by Fortinet reveals that organizations are still moving too slowly toward full protection of their operational technology (OT) assets. With 93% of OT organizations experiencing an intrusion in the past year and 78% of them experiencing more than three intrusions, it’s more imperative than ever that CISOs and business leaders improve their OT security and implement best practices outlined in Fortinet’s report.
Data found in the report is culled from a survey of more than 500 OT professionals. The worldwide survey was conducted in March 2022 and respondents were managers to C-level executives who held OT and OT security leadership positions. The organizations that these individuals work for are in a wide range of industries, including manufacturing, energy, transportation and logistics, and healthcare.
One key takeaway from the report is that “while OT security has the attention of organizational leaders, it continues to be owned by relatively low-ranking professionals.” According to the report, only 15% of survey respondents say that the chief information security officer (CISO) is responsible for OT security at their organization. The survey says OT security is primarily overseen by manager and director level people in a range of roles like plant operations. OT security needs to be upgraded as a top-level concern as industrial systems increasingly become a target for cyber criminals.
When first designed, security was not a concern for the PLCs (programmable logic controllers) that run virtually all industrial control systems (ICS) or operational technology (OT) networks. PLCs didn’t need to verify the authenticity of message senders and controller communications and they also had no need for an encryption capability. Having no security measures was acceptable until OT networks ceased to be air-gapped from IT networks.
Now, with convergence of OT and IT networks and with the digitization of OT processes, operational technology is vulnerable to cyberattacks. Many benefits have come from the integration OT and IT networks, including improved productivity, efficiency, responsiveness, and profitability. However, this interconnectedness has also now made OT networks as vulnerable to cyberattacks as IT networks are. Clearly, CISOs need to make the protection of their OT networks a high priority in their security strategies.
There are several very good reasons for OT security to get serious attention from the C-suite of any industrial organization. Using survey data, the report highlights reasons why OT security strategy should be a top-level concern. The reasons include:
The 2022 State of Operational Technology and Cybersecurity Report also offers ideas on how best to secure OT systems. Some of the suggestions include: only use solutions that offer centralized visibility of all OT activities; reduce the number of security vendors and employ products that are integrated; and deploy network access control (NAC) technology like the Fortinet role-based NAC called FortiNAC, which ensures only authorized people can access critical systems and digital assets.
For example, Fortinet delivers an integrated Security Fabric platform that covers the OT security requirements for the entire converged OT-IT network. As part of the Security Fabric, Fortinet’s proven network security solutions for operational technology include its Next Generation Firewall, FortiNAC and FortiSIEM, among other solutions. Fortinet’s Security Fabric covers the entire converged IT-OT network to close OT security gaps, deliver full visibility and provide simplified management.
To learn more about better protecting your OT network, please check out the report.