Surveying the Trends & Horizons in OT/ICS Cybersecurity
Terence Liu
Cybersecurity challenges in the operational technology (OT) and industrial control system (ICS) domains achieved unprecedented levels in 2023. Ransomware — sometimes via new ransomware-as-a-service (RaaS) models — grew to be an increasingly prevalent and very often costly headache.
Ongoing integration of organizations’ information technology (IT) and OT environments revealed new cybersecurity hurdles to be overcome in areas such as supply chain vulnerabilities and complexities around protection of legacy systems. Plus, growing geopolitical tensions boosted the specter of more attacks initiated by state-sponsored hackers or other politically motivated perpetrators.
These clear trends stand to intensify the ongoing drive among global organizations toward OT/ICS cybersecurity strategies that go far beyond mere regulatory compliance. Unevenly across industries and geographic markets, organizations are overhauling governance structures, strengthening team and technical capabilities, adopting advanced threat detection and response systems and casting keener scrutiny on supply chain risk management.
Over the rest of 2024, we can expect to see closer collaboration and more aggressive action among businesses and governments alike in such areas, as they seek to safeguard the availability, reliability and security of operations and digital transformation accelerates.
What to Expect in 2024
Overhauling governance — In 2023, the cybersecurity landscape witnessed a transformative phase, especially in OT and ICS. Governments globally revised laws and standards to bolster security in critical infrastructure sectors. In the United States, significant regulatory cybersecurity initiatives are currently enhancing critical infrastructure.
The White House released a new National Cybersecurity Strategy in March 2023, focusing on building defensive and resilient capabilities for IT and OT systems. Moreover, in the energy sector, several regulations were updated or established. These regulations commit to strengthening federal cybersecurity through Zero Trust Architecture and modernizing IT and OT infrastructure.
Additionally, internal OT cybersecurity governance within companies underwent changes. Traditional chief information, security and technical officers (CIOs, CSOs, and CTOs) played pivotal roles in OT/ICS cybersecurity decisions, while chief executive officers increased their involvement. Dedicated teams tackled unique challenges, with some organizations opting for shared approaches to resource integration and cross-departmental collaboration.
Looking for quick answers on security topics? Try Ask SDM, our new smart AI search tool. Ask SDM →
Boosting capabilities — OT/ICS security budgets continue to increase, with protection of critical OT assets and data security figuring to continue to emerge as the most highly prioritized investment areas. The evolving threat landscape and recent incident impacts are encouraging organizations to proactively enhance their defense mechanisms against cyber threats in OT/ICS, as they report experiencing substantial complexity in cybersecurity, especially around the convergence of IT and OT systems.
For example, traditional IT defense mechanisms that are cloud based and prone to frequent updates often do not integrate seamlessly into OT systems, especially those which are either offline altogether or isolated from external networks. Consequently, approaches built for the particular requirements and characteristics of OT and ICS continue to gain favor, as OT system maintenance and IT integration remain significant concerns.
Adopting threat detection and response — Another projected area of budget allocation are tools for strengthening the resilience of technological infrastructures. Innovative approaches to enhance OT security posture and resilience against evolving threats have emerged, such as operation-centric Cyber-Physical Systems Detection and Response (CPSDR). Security countermeasures are aligned with equipment performance in CPSDR, and deviations from normal operations are detected and suppressed early in order to avert system instability. Organizations are guarded from known and unknown threats, ensuring uninterrupted system protection and minimizing downtime from benign changes.
Scrutinizing supply chains — The cybersecurity risks associated with supply chains and other third parties continue to garner closer attention among organizations globally. In some regions, regulations are crystalizing focus on creating a more risk-aware and resilient digital ecosystem capable of better controlling internal systems and proactively reducing supply chain risks. In the United States, for example, Executive Order 14028 emphasizes “Cybersecurity Supply Chain Risk Management,” and new and forthcoming National Institute of Standards and Technology (NIST) guidance influences contractors’ technology infrastructure and cybersecurity compliance.
A Growing Respect for the Risks
The rapidly evolving threat landscape in industrial manufacturing, critical infrastructure and other sectors is prompting aggressive action among diverse organizations globally. Ransomware, threats exploiting IT/OT convergence and the likelihood of politically motivated attacks are on the rise, and the potential of threats in the OT/ICS domain to jeopardize human safety and wreak significant economic losses are especially great. Reflecting a deeper understanding of and respect for such risks, businesses and governments worldwide in the months and years ahead will continue to adjust cybersecurity governance, expertise, capabilities and investments for emerging challenges.
For more information on the growing range of cybersecurity issues facing global industries, check out the TXOne Networks report, The Crisis of Convergence: OT/ICS Cybersecurity 2023.
