Why ICS/OT Requires Special Controls and a Separate Cyber Security Budget
Addressing ICS/OT (Industrial Control Systems/Operational Technology) security with traditional IT security methods is not only ineffective, but also high risk. In the rapidly changing world of cyber security, the needs of ICS/OT systems are very different from those of traditional IT security. These engineered systems, which operate critical infrastructure such as power grids, oil and gas processing plants, heavy industry, and food and beverage production, require specialised security strategies and controls because of their unique operational requirements and the risks they pose to the physical world. Protecting these systems against increasing cyber-attacks is critical for national security and economic stability. Implementing ICS/OT-specific cyber security controls and strategies is an effective and responsible approach.
Increasing Cyber Threats in ICS/OT Environments
ICS technologies, which form the basis of modern infrastructure, are becoming the target of increasingly sophisticated cyber attacks. These attacks usually aim to cause irreparable physical damage to critical engineering assets. Incidents such as TRISIS, CRASHOVERRIDE, Pipedream and Fuxnet demonstrate how cyber threats have evolved from mere nuisances to situations that can have devastating consequences. Such attacks by state-sponsored groups and cybercriminals go beyond financial gain and serve purposes such as war and sabotage. In addition, human-operated ransomware and targeted ransomware against ICS/OT systems have recently become a serious concern. According to data from the 2024 SANS ICS/OT Cyber Security Survey, only 31% of respondents have a Security Operations Centre (SOC) with ICS/OT-specific capabilities. This is a major deficiency in terms of effective incident response and system monitoring. Therefore, it is vital that critical infrastructures protect these engineered systems using ICS/OT-specific threat detection and visibility controls.
Assessment of ICS/OT Cyber Security Expenditures and Risks
Some ICS/OT organisations may have imbalances in security budget allocation. In the past, the majority of cyber security funding was allocated to IT networks and technologies. However, with increasing interconnectedness, IT networks and the Internet pose serious risks to ICS/OT environments. According to the 2024 SANS ICS/OT Cyber Security Report, 46 per cent of attacks on ICS/OT environments originate from a vulnerability in IT support networks, impacting ICS/OT networks and operations. This highlights the fact that a coordinated cyber attack carries serious environmental, operational and human security risks.
Evaluation of ICS/OT Security Controls
Applying traditional IT security measures in ICS/OT environments can create a false sense of security and disrupt engineering operations. According to the 2023 SANS ICS/OT Cyber Security Report, only 52 per cent of these facilities were found to have an engineering-focused incident response plan.
Approaches such as the SANS Five Critical Cyber Security Controls for ICS/OT environments are of great importance. These controls are designed to adapt to an organisation’s risk model and provide implementation guidance.
Even just one of these controls, ‘ICS Network Visibility Monitoring’, provides benefits that go beyond security:
- Safe, passive traffic analysis to identify engineering assets
- Elimination of engineering problems
- Detection of security vulnerabilities
- Meeting compliance requirements
Strategic Reassessment Opportunities
ICS organisations can become more resilient to threats by redirecting cyber security spending towards operational technologies. These goals can be achieved by prioritising Purdue Model levels 1 through 3.5.
ICS/OT leaders and analysts can validate and implement the SANS Five Critical Cyber Security Controls. They can also attend the ICS515 course to be held in New Orleans in February, or the 20th ICS515 course in June, and meet with experts on these topics at the annual ICS Security Summit.
Source: https://thehackernews.com/2025/01/the-high-stakes-disconnect-for-icsot.html
