PAS Global, the OT Integrity company, today announced findings from its survey of Operational Technology (OT) Cybersecurity Readiness including that 85% of respondent organizations are not highly prepared for an OT cyber attack. This finding and others will be discussed at OptICS 2020, taking place on October 27 and 28 online and around the world.
Survey respondents were asked to gauge the degree of OT cybersecurity risk for several potential threats. “Human Error” topped the list as the highest risk area followed by “Nation States”, “Digital Transformation”, “Remote Work”, “Criminal Activity”, and “Internal Malicious Actors”.
Other survey highlights to be discussed at the conference include:
- Only 12% of respondents indicated OT cybersecurity risk is low
- 37% have experienced an OT cybersecurity incident in the last year or do not know if they have
- 85% reported an inadequate OT asset inventory
- 38% are taking an ad hoc or reactive approach to OT vulnerability management
- Only 27% are taking a proactive approach to OT vulnerability management based on business risk
“The need to reduce OT cybersecurity risk is more important than ever with inadvertent human error representing the greatest threat according to our survey respondents followed by adversarial nation states, expanding digitalization and an increasingly remote workforce,” said Eddie Habibi, CEO and Founder of PAS. “Organizations such as the Cybersecurity and Infrastructure Security Agency (CISA) in the United States Government continue to raise awareness of the threat, however, our survey demonstrates there is still a long way to go.”
“With only 12% of respondents indicating the OT cybersecurity risk to their organization is low, it is surprising to see just 15% say they are highly prepared for an OT cyber attack,” Habibi continued. “Additionally, 16% of respondents said they had experienced an OT cyber incident in the last year, which indicates such attacks are not isolated cases any longer. We should be just as concerned, however, that 21% of the respondents were unsure whether their organization had experienced an OT cybersecurity attack in the last year.”
“It is a foundational best practice in OT cybersecurity to have a detailed and accurate asset inventory,” said Mark Carrigan, Chief Operating Officer of PAS. “However, 85% of our survey respondents reported having an inadequate inventory. While the industry has made strides over the last few years, it is clear much more work needs to be done.”
“Trying to reduce OT cybersecurity risk without a solid OT asset inventory is like attempting to build a house without a solid foundation,” Carrigan added. “As such, it is not surprising that 38% of respondents indicate their organization is taking only an ad hoc or reactive approach to OT vulnerability management with just 27% taking a proactive approach based on business risk.”
In addition to the keynote address from Mr. Habibi and Mr. Carrigan, which will discuss the results of the survey in further detail, some of the other notable conference speakers include:
- Shola Anjous, OT / ICS Leader – Motiva
- Michael Carroll, VP Innovation – Georgia-Pacific
- Eric Cosman, President – The International Society of Automation
- Juan Espinosa, Principal Project Manager – Parsons
- Kristin Hanie, Senior Engineer – Southern Company
- Jason Haward-Grau, Managing Director of Cyber Security – KPMG
- John Hedengren, Associate Professor – Brigham Young University
- Asad Kazmi, Lead Systems Engineer – Petroleum Development Oman
- Greg Matejka, BES Cyber Support Supervisor – City Water Light & Power
- Mike McFarlane, Director of Digitalization for Production and Technology – BASF
- Matthew Meehan, Senior Automation Engineer – Origin Energy
- Matt Morris, Managing Director of the Security and Risk Consulting Practice – 1898 & Co
- Larry O’Brien, VP Research – ARC Advisory Group
- Madan Panwar, Lead Instrument and Control Engineer – PETRONAS
- Dale Peterson, CEO and Founder – Digital Bond and S4 Events
- Anup Sharma, SVP of Global Business Services – LyondellBasell
- Leo Simonovich, VP and Head of Industrial Cyber and Digital Security – Siemens Energy
Registration for OptICS 2020 is complimentary and remains open until the program begins on October 27. Click here to register.
The PAS Operational Technology (OT) Cybersecurity Readiness survey was conducted during the months of September and October 2020. Respondents must have indicated they were involved in business or technical decisions related to OT Cybersecurity. The survey was conducted globally with responses from Asia Pacific, Central and South America, Europe (including Sub-Saharan Africa), the Middle East (including North Africa), and North America. Respondents were from organizations ranging from less than 500 to more than 50,000 employees in size across Agribusiness; Chemical Processing; Discrete Manufacturing; Food & Beverage; Mining & Metals; Oil & Gas (including Petroleum Refining and Petrochemicals); Power Generation & Utilities; Pulp, Paper & Wood; and other industries.