Earlier in July, SANS published the results of its 2017 ICS cybersecurity survey. You can register to view the webcast here. ARC reported previously on the alliance between ARC Advisory Group and SANS, and as part of that alliance, ARC vice president Sid Snitkin wrote the prologue to the survey. Here’s what Sid had to say about the survey results and how they match up to what ARC sees as some of the key challenges in cybersecurity.
“The findings of this SANS research are quite interesting. Despite some significant differences in the survey groups, the results align quite well with ARC’s ICS cyber security surveys of plant operators, process control engineers, and manufacturing IT specialists. Everyone considers budgetary constraints and the introduction of potentially insecure Industrial Internet of Things (IIoT) devices as major challenges. Plant personnel are also concerned that investments in technology have given managers a false sense of security, while lack of resources and security management tools are undermining the effectiveness of these defenses. Lack of cyber security expertise is another critical issue, and plant personnel recognize the need for convergence of IT and operational technology (OT) cyber security efforts. But plant personnel still lack trust in IT groups. Seeing that this concern is appreciated by all the groups who participated in the SANS survey is very encouraging. Cultural roadblocks have been jeopardizing the security of our critical infrastructure for far too long. We hope that a shared understanding of the challenges will help us overcome this major obstacle.”
The increasing importance of ICS cybersecurity has become even more painfully obvious in recent months as new attacks increasingly target the ICS infrastructure. These include the Crash Override (aka Industroyer) malware that disabled the Ukrainian power grid in December of 2016. Close to 70 percent of all respondents to the SANS ICS survey considered threats to the ICS infrastructure to be severe or critical. IT networks and infrastructure may be attacked more frequently, but in attacks on industry and critical infrastructure, it is the ICS systems that can act in the physical world: opening breakers to disrupt power grids, opening valves and actuators, providing false sensor readings, and more.
Many end users are also finding it increasingly difficult to manage ICS cybersecurity challenges on their own. As the survey shows, end users are spending a significant amount of time on cybersecurity-related work. In small organizations especially, end users reported spending up to 75 percent of their time managing cybersecurity-related issues.