Industrial control systems (ICS) are an increasingly attractive target for cyber-attacks. Despite the threat, a recent report has found that security leaders severely lack visibility in their OT assets.
In Breaking IT/OT Silos With ICS/OT Visibility, a study published on July 3, 2023, the SANS Institute found significant discrepancies between IT and OT asset visibility within organizations.
For instance, while 80% of the 350 respondents said their security operations center (SOC) has monitoring capabilities for the IT assets of their ICS – which include human-machine interfaces (HMIs), workstations and enterprise resource planning (ERP) systems – only 50% claim similar capabilities for their OT assets like programmable logic controllers (PLCs), sensors and remote terminal units (RTUs).
“Even in the case where respondents had a more expansive SOC, only 53% of their OT environments provided data for detection purposes – the rest only had limited visibility that allowed them to conduct incident investigation and response,” the study reads.
Lack of Training and Communication
In addition to gaps in visibility, the study reveals that the top obstacles to improving the collaboration between security and operational teams (SecOps) in IT and OT environments are mainly related to skills and processes.
Over half of the respondents (54%) cited the lack of OT training for IT staff as the main limitation for improving SecOps, while over one-third (38%) said OT staff also lacked IT training.
Read more: Securing Energy and Utility Sectors Amid CNI Cyber Threats
Additionally, 39% of respondents said communication silos between departments contributed to the low level of collaboration between IT and OT leaders.
Bridging the Gap
Despite the issues, security leaders are aware that this visibility gap between their IT and OT environments could be critical and 67% told SANS that they had plans to expand their SOC to include additional OT asset capabilities.
Additionally, 76% of security leaders using an endpoint detection and response (EDR) solution and 70% of those who benefit from network security monitoring (NSM) tools plan to deploy them on OT devices within the next two years.
Findings from this study came from a survey conducted by the SANS Institute in collaboration with Trend Micro. The 350 respondents are security leaders from organizations of all sizes across various industrial sectors and located on all continents.