Cyber security threats against industrial control systems are growing and identifying attacks continues to be a major challenge, according to an annual ICS survey by SANS Institute, a provider of security education programs.
The report, co-sponsored by security products company Nozomi Networks and others, found that while there has been some progress in protecting critical assets and infrastructure, new challenges have emerged. As part of the research, SANS gathered and analyzed raw data from hundreds of IT and ICS security practitioners across a variety of industries.
Forty percent of 10 ICS security practitioners said they lack visibility into their ICS networks, which is one of the primary impediments to securing these systems, the study said. Ransomware was newly identified as a top threat, along with the growing addition of devices to the network.
Despite news coverage of recent attacks on unpatched systems, SANS found that only 46 percent of survey respondents regularly apply vendor-validated patches; and 12 percent neither patch nor layer controls around critical control system assets.
While reliability and availability remain the highest priority for OT systems, 69 percent of ICS security practitioners think threats to the ICS systems are high or severe and critical.
“With more and more unprotected devices making their way into operational networks, and with ransomware, hacktivism and nation state attacks on the rise, owners of critical infrastructure can no longer afford to gamble with weaknesses in ICS security,” said Edgard Capdevielle, Nozomi Networks CEO.