Security Awareness – Rockwell Study Reveals Significant Increase in Attacks on Critical Infrastructure OT/ICS Systems

A recently published study by Rockwell Automation, “Anatomy of 100+ Cybersecurity Incidents in Industrial Operations,” revealed OT/ICS security incidents have increased significant over the past few years and a large majority of the attacks were perpetrated by state-affiliated threat actors, among other notable findings.

Rockwell’s report found OT/ICS cybersecurity incidents in the last three years have already exceeded the total number reported between 1991-2000, with attackers intensely focused on the energy sector (39% of all reported attacks). Of the reported incidents, around 60% were conducted by state-affiliated threat actors, with internal personnel unintentionally facilitating these attacks in roughly 33% of cases. Also, 40 percent of these cyberattacks resulted in unauthorized access or data exposure to the targeted organization. Survey data found that over 80% of the attacks started with an IT system compromise. The report attributed this to “increasing interconnectivity; most OT networks communicate with the outside world via an IT network. [With] attackers increasingly leverage internet-facing systems such as human-machine interfaces (HMIs) and engineering workstation applications.” In addition, SCADA (supervisory control and data acquisition) systems were targeted 53% of the time and PLCs (programmable logic controllers) were targeted in 22% of the cases.

Phishing continued to be the most popular attack technique (34%), underscoring the need for basic cyber hygiene and phishing awareness training. Also, attackers utilized lateral tool transfers, exploitation of remote services, and standard application layer protocols to manipulate an operator’s view, and in many instances, to take control over specific OT processes. The report provides recommended mitigations to help secure your OT/ICS environment, including segmenting IT and OT assets, securing remote access, implementing multifactor authentication; and monitoring for threats 24/7. Read more at Industrial Cyber.