Much critical infrastructure runs on legacy systems that are more susceptible to cyberattacks.
High Contrast
Much critical infrastructure runs on legacy systems that are more susceptible to cyberattacks.
Segmentation between IT and OT environments can help prevent attacker access to OT systems.
An OT/ICS security assessment can help companies understand how well they are protected.
Cybersecurity in industrial environments has always been a concern, but the current cyberthreat landscape is making it an even higher priority. According to RSM data, reported breaches over a recent one-year period matched a high seen only once before in nine years of data collection by the firm. The threat environment is more challenging now as generative AI and other new technologies increase risk, placing an enterprise emphasis on well-maintained protective strategies.
Twenty-eight percent of middle market executives surveyed in the Q1 RSM US Middle Market Business Index survey said their organizations experienced a data breach in the last year, rising from 20% in the 2023 survey and matching results from the 2021 RSM survey. Increases were seen across the board, as breaches at smaller middle market companies rose to 20% from 12% a year ago, and those at their larger counterparts were up to 37%, compared to 28%.
Additionally, the Cybersecurity & Infrastructure Security Agency in March 2024 proposed reporting requirements under the Cyber Incident Reporting for Critical Infrastructure Act. Organizations across critical infrastructure sectors would be required to report cyber incidents within days.
For industrial companies, weak cybersecurity endangers computer programs as well as factory systems and power plants. The outdated infrastructure of many manufacturers also makes them a target, and cyberattacks may hinder production and profitability.
For decades, our economies and daily lives have depended on operational technology (OT), such as industrial control systems (ICS) or supervisory control and data acquisition (SCADA) systems, for necessities like bringing water, power and gas into our homes; transporting gasoline needed for vehicles; running public transit; and manufacturing consumer products like food, medicine and beverages.
OT was not designed for our digital world, and therefore, much of our critical infrastructure runs on legacy systems that are more susceptible to cyberattacks. Many of these systems don’t have the protective features and capabilities that we’ve come to expect from modern systems (e.g., antivirus software, security patches, passwords, etc.). Operational limitations historically kept such protections from being used. However, the need for real-time information when making business decisions and optimizing performance has required these systems to be connected to our business networks and the internet.
Cyberattacks on these systems now can affect the safety of workers and the public. As a result, our critical infrastructure must not only secure these systems against attacks, but also incorporate operational resilience for continued operations in the event of a successful cyberattack.
Considering the impact these OT/ICS/SCADA systems have on our daily lives, including many critical infrastructure processes, the availability of these systems, and any other applications they rely on, is essential. Security breaches in the IT environment can create a chain reaction that is harmful to our economy, infrastructure and daily lives.
Not all companies need highly complex security programs, but any industrial environment should have an industrial control security program in place. When developing these programs, companies should consider basic elements to protect their systems, detect possible attacks, and respond and recover from an incident.
RSM has a dedicated team of cybersecurity professionals specializing in OT/ICS/SCADA environments. Our practice leaders have experience in securing companies in the oil and gas, power and utilities, manufacturing, chemical/petrochemical, mining, and communications industries, among others.
We have helped our clients through assessing their current state, designing rightsized OT/ICS/SCADA security programs and architectures with an implementation road map, and implementing these programs and architectures with the technical, strategic and governance-related components.
For companies wondering whether something like this could happen to them and how well they are protected, we offer a rapid OT/ICS security assessment, which includes:
Through this analysis, we can help you identify not just the current state of your OT/ICS security program, but ultimately your resilience level against typical attacks.