Global State of Industrial Cybersecurity

Digital transformation is here to stay and is good for business, but it is also creating greater urgency to bridge the cybersecurity gap between Information Technology (IT) and Operational Technology (OT). While IT and OT convergence unlocks business value in terms of operations efficiency, performance, and quality of services, it can also be detrimental because threats — both targeted and non-targeted — now have the freedom to maneuver from IT to OT environments and vice versa.

In this report, we explore the state of OT security from the perspective of IT security practitioners, and provide practical recommendations on how to bridge the IT and OT cybersecurity gap. This report also examines the attitudes and concerns of IT security professionals related to OT security. We asked participants to share their perspectives on a range of topics, including:

• Current safety of industrial networks and critical infrastructure
• Level of concern about cyberattacks on critical infrastructure
• Types of attacks believed to be most prevalent
• Attitudes about training and responsibility for protecting OT networks

While the survey revealed some geographic differences, one area where most IT security professionals surveyed agree is concern over securing OT networks. Despite reporting they have received training and have the required skills, the majority of respondents would rather face a massive data breach than a critical-infrastructure related cyber attack.

This is especially important for Chief Information Security Officers (CISOs) because while digital transformation is shrinking the divide between IT and OT, the historic lack of parity between IT and OT security resources is creating opportunities for adversaries. CISOs have significant catching up to do to lock down their production environments. Part of the challenge has been that traditional IT security solutions are not compatible with industrial control systems (ICS) protocols. However, this doesn’t necessarily mean organizations must make substantial investments in new IT security tools and staffing in order to properly secure their OT environments.