Securing the world’s critical infrastructure and preventing cyber-attacks has been catapulted into the spotlight for many operators of critical infrastructure.
COVID-19 is causing mass disruption in the way people work across the world and businesses cannot afford a breach of any kind. While viral epidemics and cyber-attacks are certainly different, they both wreak havoc. Functioning critical infrastructure, such as power plants, is imperative during the response to the COVID-19 emergency for both public health and safety.
Recent research by global leader in industry cybersecurity, Claroty, into the state of industrial cybersecurity worldwide found that 74 per cent of IT security professionals globally are more concerned about a cyber-attack on critical infrastructure than an enterprise data breach.
The survey included a sample size of 1000 full-time IT security professionals across the United States, Australia, United Kingdom, Germany and France to determine the attitudes and concerns of IT security professionals related to OT security.
Where does Australia rank?
Respondents from Australia (93 per cent) and Germany (96 per cent) are much more confident in the overall safety of industrial networks versus respondents from the UK, US and France. They are also more confident that their country’s critical infrastructure is properly secured against cyber-attacks, with 90 per cent of respondents from Australia and 99 per cent from Germany saying that they are adequately protected.
Comparing that to the overall picture of the security of industrial networks, the survey found that 62 per cent of global respondents believe that industrial networks are properly safeguarded against cyber-attacks and that 60 per cent believe their country’s critical infrastructure is adequately protected.
Chief Security Officer of Claroty, Dave Weinstein, said, “Most IT infrastructure was designed with security in mind. Likewise, IT infrastructure is built for interconnectivity.
“The OT environment, by contrast, wasn’t originally designed to be secure and it certainly wasn’t designed to be interconnected. When managing an OT network’s security, IT professionals must recognise these fundamental differences and how they impact traditional security operations and policies.
“With OT networks, for example, you can’t simply implement patches every day. Similarly, you can’t discover devices or monitor traffic using traditional techniques or tools because most of the assets on an OT network communicate using proprietary, vendor-specific protocols that can’t be easily parsed and understood.
“While IT and OT convergence unlocks business value in terms of operations efficiency, performance and quality of services, it can now be detrimental because threats, both targeted and non-targeted, now have the freedom to manoeuvre from IT to OT environments and vice versa.
“One of the distinguishing characteristics of OT attacks compared to IT attacks is the implications for safety. OT is an environment where cyber meets physical and therefore cyber-attacks against these systems can manifest themselves in hazardous and unsafe conditions for those on the plant floor and potentially beyond.”
Who is responsible?
Interestingly, the majority of Australian respondents believe that a major cyber-attack will be carried out on Australia’s critical infrastructure within the next two years – with 46 per cent of all respondents agreeing with this time frame. 45 per cent of Australian respondents believe that electric power is the most vulnerable sector, followed by oil and gas at 26 per cent.
With 98 per cent of respondents stating it is the government’s responsibility to ensure that critical infrastructure is properly protected, there is a need for governments to ensure that operators of Australia’s critical infrastructure are equipped with the training and technologies necessary to safeguard industrial systems.
“Our mission is to help security practitioners to bridge the gap between IT and OT cybersecurity, ensuring that all bases are protected from cyber-attack. This is even more critical in this new normal of largely remote workforces, which create additional burden on Chief Information Security Officers to remotely secure their production environments,” Mr Weinstein said.
“It is clear from this survey that IT and OT security practitioners all over the globe are increasingly aware of the changing cyber risk landscape.”
This partner content is brought to you by Claroty. For more information, click here.