Operational Technology in the sights of the hackers
Operational Technology (OT) is the main target for cyberattacks on industrial plants. These are devices and systems that control or monitor industrial processes – such as motors, pumps or valves. "OT systems differ in function and technology from classic corporate IT. At the same time, successful cyberattacks on OT systems often cause particularly high levels of damage to the companies affected", explains Petr Láhner, Executive Vice President of the Business Stream Industrial Service & Cybersecurity at TÜV Rheinland. "We have therefore placed the Cybersecurity of Operational Technology at the center of our study, following on from the findings of the first study on this subject in 2019".
Measures for IT and OT systems not coordinated
For the "2020 Study on the State of Industrial Security", the independent market research company Ponemon Institute surveyed more than 2,200 cybersecurity experts worldwide from the automotive, health and pharmaceutical, logistics and transport, mechanical engineering, oil and gas and utility sectors. The Ponemon Institute, based in Traverse City, Michigan, is dedicated to independent research on information and privacy management in companies.
The following results show how much cyberattacks endanger OT systems:
- More than half of the respondents (57 percent) say that their companies firmly expect attacks on OT systems.
- Almost half (48 percent) are convinced that cyber threats pose a greater risk to OT systems than to the IT environment.
- Almost two thirds (63 percent) of those surveyed stated that security measures for IT and OT systems are not coordinated in their companies.
- For almost half of the respondents (47 percent), cyber threats to OT systems have increased over the past year. These include attacks such as phishing, social engineering and extortion software ("ransomware").
"From our point of view, it is crucial that companies tailor their cybersecurity measures to the specific requirements in Operational Technology. For example, some control systems may have limited cybersecurity controls in place and could subsequently be vulnerable to cyber threats. To do this, companies have to assess their OT cyber risk and invest time and money for best effect. It is alarming that in the view of the experts surveyed, there are too few financial or professional resources available for OT security. In addition, a holistic view of the security of industrial plants is often still lacking. In an increasingly networked world, industrial plants are only really secure if both their IT and OT cybersecurity is addressed”, Láhner says.
The "Study 2020 on the State of Industrial Security" is available for free download at https://go.tuv.com/otsurvey-2020.
TÜV Rheinland stands for safety and quality in almost all areas of business and life. Founded almost 150 years ago, the company is one of the world’s leading testing service providers with more than 21,400 employees and annual revenues of 2.1 billion euros. TÜV Rheinland’s highly qualified experts test technical systems and products around the world, support innovations in technology and business, train people in numerous professions and certify management systems according to international standards. In doing so, the independent experts generate trust in products as well as processes across global value-adding chains and the flow of commodities. Since 2006, TÜV Rheinland has been a member of the United Nations Global Compact to promote sustainability and combat corruption. Website: www.tuv.com
TÜV Rheinland
Am Grauen Stein
51105 Köln
Telefon: +49 (221) 806-2148
http://www.tuv.com
Pressesprecher Informationssicherheit
Telefon: +49 (221) 806-3060
Fax: +49 (221) 806-3093
E-Mail: Norman.Huebner@de.tuv.com