The energy sector recorded three times as many operational technology (OT) and/or industrial control system (ICS) cybersecurity incidents as the next closest vertical, according to a study conducted by the Cyentia Institute, a research and data science firm, and sponsored by Rockwell Automation, an industrial automation and information provider.
“Energy, critical manufacturing, water treatment, and nuclear facilities are among the types of critical infrastructure industries under attack in the majority of reported incidents,” Mark Cristiano, commercial director of Global Cybersecurity Services at Rockwell Automation, said in a statement released with the report.
SCADA Systems Commonly Targeted, Phishing a Popular Technique
The report, titled “Anatomy of 100+ Cybersecurity Incidents in Industrial Operations: A Research Study With Recommendations For Strengthening Defenses in OT/ICS,” also found that nearly 60% of cyberattacks against the industrial sector are led by state-affiliated actors. In more than half of OT/ICS incidents, supervisory control and data acquisition (SCADA) systems are targeted (53%), with programmable logic controllers (PLCs) as the next-most-common target (22%).
The study was tightly focused on OT/ICS security incidents. Researchers reportedly analyzed 122 OT incidents spread across North America, Europe, the Middle East, Asia, and Africa. Cyentia said it collected nearly 100 data points for each incident and built several models to examine relationships around the data, revealing patterns that led to the conclusions in this report.
Phishing was cited as the most popular attack technique (34%). Other common access vectors include external remote services (19%), replication through removable media (13%), remote services (11%), and supply chain compromise (8%).
The report notes that there was a 2,000% increase last year in “adversarial reconnaissance targeting Modbus/TCP port 502,” the port for a commonly used industrial protocol, which could allow hackers to control physical devices and disrupt OT operations. In fact, the report says 60% of the OT/ICS incidents analyzed resulted in operational disruption, and 40% resulted in unauthorized access or data exposure.
How to Reduce Cyberattack Risks
“The dramatic spike in OT and ICS cybersecurity incidents calls for organizations to take immediate action to improve their cybersecurity posture or they risk becoming the next victim of a breach,” said Sid Snitkin, vice president of Cybersecurity Advisory Services with ARC Advisory Group, a technology research and advisory firm for the industrial, energy, and infrastructure markets.
“Having a strong, modern OT/ICS security program in place must be a part of every industrial organization’s responsibility to maintain safe, secure operations and ongoing availability,” the report says. To get started, it recommends the following:
- Focus on defense-in-depth, drawing on frameworks such as Zero Trust and the National Institute of Standards and Technology (NIST) Cybersecurity Framework.
- Secure remote access through stronger passwords and multifactor authentication.
- Monitor for threats 24/7.
- Segment information technology (IT) and OT to make the most of firewall configurations that will help keep IT attacks from bleeding into OT environments.
- Continuously train internal staff to keep up with the latest phishing scams and how to avoid them.
“Anticipating that stricter regulations and standards for reporting cybersecurity attacks will become commonplace, the market can expect to gain invaluable insights regarding the nature and severity of attacks and the defenses necessary to prevent them in the future,” said Cristiano. To download the full 34-page report, visit: rockwellautomation.com.
—Aaron Larson is POWER’s executive editor (@POWERmagazine).