Mind the OT cyber perception gap
When it comes to defending critical infrastructure from cyber threats, there’s a gap between executive decision makers – who hold the purse strings – and front-line workers. While those who are tasked with protecting, monitoring, and defending against cyber-attacks see the vulnerabilities in operational technology (OT) environments, that awareness is not always recognised and prioritised at the senior executive level. Ian Bramson, Global Head of Industrial Cybersecurity, ABS Group explains further.
A recent study from the SANS Institute entitled “Threat-Informed Operational Technology Defense: Securing Data vs. Enabling Physics” reports that 61% of survey participants indicate a gap in the perception of the level of cybersecurity risk to ICS (industrial control systems) between the OT/ICS cybersecurity front-line teams and other parts of their organisations. Further, 35% of the survey respondents believe that this same gap exists between senior management and the OT/ICS cybersecurity front-line teams. This translates into a lack of cyber preparedness in industrial organisations and a significant threat to OT environments.
A comprehensive industrial cyber program requires commitment and coordination at all levels of an organisation. Most organisations focus efforts on the last incident, while threat actors are more focused on new ways of infiltrating OT systems. The emphasis needs to be on training, policies and procedures, and monitoring to prepare for the unexpected. The first order of business is to know what you need to protect. However, according to the SANS survey, 30% of respondents do not have an established and maintained ICS asset inventory of OT devices. Organisations need to stop relying on “clipboard asset inventories” and start thinking about long-term solutions. Where attacks could enter the OT network isn’t always clear, and recognising such an incident as it occurs is harder still. Attacks may present themselves as maintenance failures or other disruptions to operations, such as operator error or outdated equipment. Once you have identified your vulnerable systems, you need to focus on getting better visibility. According to the SANS survey, only 22% have the visibility needed to defend against modern threats, and 7% have no visibility into their control systems at all!
It is clear from the research that even the most basic steps are not being taken by many companies to properly shore up cybersecurity in industrial environments. With frequent headlines reporting attacks on critical infrastructure and 45% of survey participants estimating the current threats to their control systems as high risk, one might wonder why industrial organisations have not moved more swiftly to identify their vulnerabilities and engage in more active monitoring of the systems that run the lifeblood of their business.
The gap between those who fund cyber programs and those charged with protecting operations must be closed. Investment and prioritisation should come from the top down. This means investing in resources that understand OT systems. Too often, cybersecurity rests in the hands of IT departments, whose solutions are very mature – but do not work in an OT environment. A “copy and paste” approach can potentially lead to dangerous consequences. OT systems deal in physical spaces, and disruptions to equipment can halt operations, harm workers, and affect communities and even the environment. This is what is known as the “cyber physical” effect.
Companies must look beyond regulatory compliance and into reality. Compliance moves at the speed of government. To protect your operation, you need to move at the speed of cyber. That is where cyber hackers live. This might mean that organisations need to restructure or look to outside help to elevate their cyber posture.
How far would you go to close the gap and protect the heart of your business?