Industrial control systems (ICS) are becoming increasingly attractive targets for cyberattacks. Despite this threat, a recent report found a security leader severely lacking visibility into her OT assets.
of Break down IT/OT silos with ICS/OT visibilityaccording to a study released on July 3, 2023, the SANS Institute found a significant discrepancy between the visibility of IT and OT assets within an organization.
For example, 80% of 350 respondents said their security operations center (SOC) only monitors ICS IT assets such as human machine interfaces (HMIs), workstations and enterprise resource planning (ERP) systems. I replied that it works. 50% claim that his OT assets such as programmable logic controllers (PLCs), sensors and remote terminal units (RTUs) have similar capabilities.
“Even when respondents had a broader SOC, only 53% of OT environments provided data for detection purposes. The rest had limited visibility to investigate and respond to incidents. It was just a matter of time,” the study said.
Lack of training and communication
In addition to visibility gaps, the study found that the biggest obstacles to improving collaboration between security and operations teams (SecOps) in IT and OT environments are primarily related to skills and processes. It became clear.
More than half of respondents (54%) cite the lack of OT training for IT staff as a major limitation to improving SecOps, while more than a third (38%) say that IT training for OT staff is also lacking. answered that there was a shortage of
Read more: Protecting the Energy and Utilities Sector Under CNI Cyber Threats
In addition, 39% of respondents said siled communication between departments contributes to low levels of collaboration between IT and OT leaders.
fill the gap
Despite the challenges, security leaders recognize that this visibility gap between IT and OT environments can be significant, with 67% including additional OT asset capabilities told SANS that it plans to expand the SOC for
Additionally, 76% of security leaders using endpoint detection and response (EDR) solutions and 70% of security leaders benefiting from network security monitoring (NSM) tools expect to deploy OT devices within the next two years. We plan to introduce these tools to
The findings are the result of research conducted by the SANS Institute in partnership with Trend Micro. The 350 respondents are security leaders in organizations of all sizes, based on every continent and across a variety of industry verticals.
