Operators lack ability to secure critical infrastructure from security threats

Almost 60% of executives at critical infrastructure operators said they lack appropriate controls to protect their environments from security threats, but many are planning to increase spending for industrial control system (ICS) security measures in the near future.
By Gregory Hale, ISSSource May 23, 2018

Almost 60% of executives at critical infrastructure operators said they lack appropriate controls to protect their environments from security threats, new research found.Along those lines, nearly half of all respondents indicated their organizations plan to increase spending for industrial control system (ICS) security measures in the next 12-24 months, according to a report from Indegy.

"We have been tracking the escalation in cyber threat activity specifically targeting critical infrastructures for some time," said Barak Perelman, chief executive at Indegy. "As the recent joint DHS/FBI CERT Technical Alert illustrates, adversaries have compromised facilities across the U.S. to conduct reconnaissance and likely develop ‘Red Button’ capability for future attacks."

While organizations have made significant investments to secure their IT infrastructures, they have not fully addressed threats to operational technology (OT) environments. The Indegy poll of nearly 100 executives from various critical infrastructure organizations underscores the lack of preparedness in key sectors including energy, utilities and manufacturing.

Among the key findings:

  • 35% of respondents said they have little visibility into the current state of security within their environment, while 23% reported they have no visibility
  • 63% said insider threats and misconfigurations are the biggest security risks they currently face
  • 57% said they are not confident their organization, and other infrastructure companies, are in control of OT security
  • 44% of respondents indicated an increase in ICS spending was planned in the next 12 to 24 months, with 29% reporting they were not sure.

Gregory Hale is the editor and founder of Industrial Safety and Security Source (ISSSource.com), a news and information Website covering safety and security issues in the manufacturing automation sector. This content originally appeared on ISSSource.com. ISSSource is a CFE Media content partner. Edited by Chris Vavra, production editor, CFE Media, cvavra@cfemedia.com.

ONLINE extra

See related stories from ISSSource linked below.