Research Library

SANS Report: The State of ICS/OT Cybersecurity in 2022 and Beyond


The industrial control system (ICS)/operational technology (OT) security community is seeing attacks that go beyond traditional attacks on enterprise networks. Given the impacts to ICS/OT, fighting these attacks requires a different set of security skills, technologies, processes, and methods to manage the different risks and risk surfaces, setting ICS apart from traditional IT enterprise networks.

Adversaries in critical infrastructure networks have illustrated knowledge of control system components, industrial protocols, and engineering operations. From the previously observed impactful attacks, such as CRASHOVERRIDE in the electric sector, human-machine interface hijacking through remote access in water management, and ICS-specific ransomware in the manufacturing and energy sectors, to the more recent Incontroller/PIPEDREAM advanced scalable attack framework targeting multiple ICS sectors, ICS/OT attacks are more disruptive with the possibility of physically destructive capabilities. Threat intelligence supports the fact that industrial security defenders across all sectors must address new challenges and face serious threats.

The 2022 SANS ICS/OT Cybersecurity survey results reveal several changes and significant focus on ICS operational improvements; however, progress in key areas needs more emphasis to defend our critical infrastructure into the future. Industrywide insights from this survey include:

  • Significant change in who is being called to perform ICS incident response
  • A shift in the responsibility for implementing security controls in ICS/OT
  • Continued value and investment in ICS-specific training and skillset development
  • Steady increase in obtaining the benefits of an ICS asset inventory
  • A more dedicated focus on ICS operations
  • A significant uptake in ICS-specific threat intelligence for active threat-hunt defense
  • Industry struggles on actions related to threat detection coverage
  • Continued adoption of MITRE ATT&CK for ICS framework

Offered Free by: Cyolo