SANS ICS/OT report: Attacks go beyond traditional network assaults.
N2K logoOct 28, 2022

Cybersecurity of operational technology has shown some improvement, and IT networks continue to serve as the principal attack vector into industrial systems.

SANS ICS/OT report: Attacks go beyond traditional network assaults.

The SANS 2022 OT/ICS Cybersecurity Report, sponsored by Nozomi Networks, was released this morning, Friday, October 28th. The survey indicates that OT cybersecurity has improved compared to last year’s survey:

  • “62% of respondents rated the risk to their OT environment as high or severe (down slightly from (69.8% in 2021).
  • “Ransomware and financially motivated cybercrimes topped the list of threat vectors (39.7%) followed by nation-state sponsored attacks (38.8%). Non-ransomware criminal attacks came in third (cited by 32.1%), followed closely by hardware/software supply chain risks (30.4%).
  • “While the number of respondents who said they had experienced a breach in the last 12 months dropped to 10.5% (down from 15% in 2021), 35% of those said the engineering workstation was an initial infection vector (doubling from 18.4% last year).
  • “35% did not know whether their organizations had been compromised (down from 48%) and 24% were confident that they hadn’t had an incident (a 2x improvement over the previous year)
  • “In general, IT compromises remain the dominant access vector (41%) followed by replication through removable media (37%)”

Nozomi Networks Co-founder and CPO Andrea Carcano stated, “While threat actors are honing their ICS skills, the specialized technologies and frameworks for a solid defense are available. The survey found that more organizations are proactively using them. Still, there’s work to be done. We encourage others to take steps now to minimize risk and maximize resilience.”

Added, 10.31.22.

Pete Lund, VP of Products - OT Security at OPSWAT, offered what he takes to be the three key takeaways from the report:

  • "The number one item on the list of initiatives to act on in the next 18 months for over 41% of those surveyed, was to improve asset visibility. Having a solution in place that gives its operator a clear picture of what’s connected on your network, key information about the connected asset (country of origin, firmware, make and model, etc.), and threat level goes a long way in mitigating the risk of intrusion, but it is only the first step; don’t stop there." 
  • "Low on the list of troublesome threat vectors in this survey were transient assets and removable media at 5.1%. However, we know they present a sizeable risk – especially to those industries that require air-gapped networks for additional security."
  • "All ICS Environments rely heavily on automation, yet it is such a low priority for increasing cybersecurity with only 9.2% of respondents selecting it as a top initiative."