Maximising ICS security on budgets

by Mark Rowe

Safeguarding critical infrastructure is about balancing budget and security, says Yiyi Miao, Chief Product Officer at the cyber security company OPSWAT.

At a time when digital threats to critical infrastructure (CI) have reached unprecedented levels of sophistication, the results from SANS’ 2023 ICS/OT Cybersecurity Survey sounded an alarm: industrial control systems (ICS) and operational technology (OT) teams are shockingly under-resourced. This revelation comes while 79pc of these teams view current threats to their organisations as severe or even critical.

According to the report, the number of organisations planning to allocate zero funding for ICS/OT security has skyrocketed from 8pc in 2022 to a staggering 22pc in 2023. This trend raises a critical question: are we adequately prepared to defend our critical infrastructure against the evolving cyberthreat landscape?

Underfunding: economic constraints versus modernisation

Budget cuts and underfunding within critical infrastructure organisations have emerged as a significant challenge in the quest for secure modernisation. The economic constraints are a pressing concern directly impacting the ability to advance and modernise CI services, which serve as the foundation of a well-connected, modern society. These key services range from powering homes through grids, purifying water in treatment plants, enabling seamless transportation networks, to providing life-saving healthcare facilities.

Until the early 2010s, ICS and IT environments were primarily isolated from one another. Many OT systems relied on mechanical and physical controls that were connected and communicated through proprietary protocols and technologies. This created a natural air gap between ICS and IT environments and mostly eliminated the need for any OT cybersecurity.

In today’s interconnected world, our lives are deeply influenced by digital technologies, extending from smart homes to industrial processes. This heightened level of interconnectivity highlights the vulnerabilities within CI systems, underscoring how their integrity directly impacts the resilience and stability of the communities they serve. Safeguarding critical infrastructure has therefore become of paramount importance. As the ICS environment continues to evolve, integrating data and digital information flow, ensuring operational continuity has become a top priority. IT and OT teams increasingly rely on ICS security to reevaluate the entire spectrum of cyber-physical risk. The stakes are higher than ever, with potential consequences ranging from financial losses and regulatory penalties to reputational damage.

Against this backdrop, CI providers find themselves at a critical stage: tasked with navigating a challenging digital transformation within the confines of their budgets for the foreseeable future. This calls for a strategic approach tailored to the unique challenges of underfunding at a time when digital transformation is necessary.

Recognising the urgency of the situation, it is deeply concerning that 48pc of IT teams still lack a dedicated ICS/OT incident response plan or are unsure whether they have one.

Although some facilities may be in a low-budget cycle, they must continue focusing on their ICS cybersecurity roadmap. A cornerstone of this is a multi-pronged approach that hinges on risk assessment, network visibility, and dynamic threat detection.

To enhance the effectiveness of their ICS security plan, facilities should take several key steps. First and foremost, it’s crucial to thoroughly identify, minimise, and secure all network connections to the ICS. This acts as an initial line of defence. Next, the ICS and its supporting systems should be secured by disabling any unnecessary services, ports, and protocols. Enabling available security features and implementing robust configuration management practices further bolster the system’s resilience. Regular and vigilant monitoring and assessment of the ICS, its networks, and interconnections are imperative to promptly address any emerging vulnerabilities.

In addition, adopting a risk-based defence-in-depth strategy is vital for safeguarding ICS systems and networks. This approach involves layering multiple defensive measures to provide a comprehensive security net. Finally, it’s crucial to manage the human element effectively. This includes clearly delineating ICS requirements, setting performance expectations, holding individuals accountable for their contributions, establishing relevant policies, and providing ICS security training for all operators and administrators. These combined efforts form a holistic strategy for the robust security of ICS systems within facilities.

Modern ICS defence protocols necessitate a comprehensive toolkit, blending tech-savvy solutions with a readiness to promptly address any operational glitches. It’s vital to acknowledge that no security measure is foolproof indefinitely. Hence, the presence of highly skilled ICS experts, well-versed in complex engineering, is invaluable. Their priority is unwavering: ensuring safety and seamless operations of control systems.

As we navigate an increasingly complex digital landscape, the need to reinforce our ICS security is pressing, as noted in the SANS report. Through concerted efforts and a commitment to bolstering our critical infrastructure, we can rise to meet the challenges of today and safeguard the stability and security of our vital systems for tomorrow.

© 2024 Professional Security Magazine. All rights reserved.