Rockwell Automation, Inc. has unveiled the results of its comprehensive study titled "Anatomy of 100+ Cybersecurity Incidents in Industrial Operations." This global investigation, conducted in collaboration with the Cyentia Institute, scrutinized 122 cybersecurity incidents involving direct breaches of operational technology (OT) and/or industrial control system (ICS) operations. Each incident underwent an in-depth analysis, encompassing nearly 100 data points.
According to Mark Cristiano, Commercial Director of Global Cybersecurity Services at Rockwell Automation, "Energy, critical manufacturing, water treatment, and nuclear facilities are among the types of critical infrastructure industries under attack in the majority of reported incidents. Anticipating that stricter regulations and standards for reporting cybersecurity attacks will become commonplace, the market can expect to gain invaluable insights regarding the nature and severity of attacks and the defenses necessary to prevent them in the future."
The inaugural edition of the report finds that almost 60% of cyberattacks targeting the industrial sector are orchestrated by state-affiliated actors, with internal personnel unintentionally facilitating these attacks approximately 33% of the time. This aligns with industry research highlighting the escalating volume and frequency of OT/ICS security incidents, particularly those aimed at critical infrastructure, including energy production facilities.
Sid Snitkin, Vice President of Cybersecurity Advisory Services at ARC Advisory Group, urged organizations to take action: "The dramatic spike in OT and ICS cybersecurity incidents calls for organizations to take immediate action to improve their cybersecurity posture or they risk becoming the next victim of a breach. The threat landscape for industrial organizations is constantly evolving, and the cost of a breach can be devastating to organizations and critical infrastructure. The report’s findings underscore the urgent need for organizations to implement more sophisticated cybersecurity strategies."
Key findings from the analysis include:
The number of OT/ICS cybersecurity incidents in the past three years exceeds the total reported between 1991 and 2000.
Energy remains the most targeted sector (39% of attacks), followed by critical manufacturing (11%) and transportation (10%).
Phishing remains the preferred attack technique (34%), emphasizing the importance of cybersecurity measures like segmentation, air gapping, Zero Trust, and security awareness training.
Supervisory Control and Data Acquisition (SCADA) systems are the primary target in over half of OT/ICS incidents (53%), with Programmable Logic Controllers (PLCs) following closely (22%).
More than 80% of threat actors originate from external organizations, but insiders inadvertently contribute to threat exposure in approximately one-third of incidents.
Of the OT/ICS incidents studied, 60% resulted in operational disruption, while 40% led to unauthorized access or data exposure. The repercussions of cyberattacks extend beyond the affected enterprise, affecting broader supply chains in 65% of cases.
The research underscores the critical need to bolster IT system security to combat cyber threats against critical infrastructure and manufacturing facilities. Over 80% of the analyzed OT/ICS incidents began with an IT system compromise, mainly due to the growing interconnectivity between IT and OT systems and applications. Proper network architecture is vital in strengthening an organization's cybersecurity defenses, as it is no longer sufficient to rely solely on firewalls. The modern OT/ICS security program is now an essential part of an industrial organization's responsibility to maintain secure and resilient operations.