Dec 01, 2022

Top 5 Trends in OT and ICS Security for 2023

Cybersecurity Predictions for 2023

2022 pushed digital transformation in OT and ICS environments even further, still in great part because of the after-effects of the pandemic. The pressure is intense to make supply chains more efficient (after the significant supply chain disruptions we experienced over the last few years) and more resilient, including the use of predictive analytics, or even full-blown machine learning, to predict failures.

This has led to even greater data aggregation in the Cloud, which is definitely not the traditional (or ideal) environment for OT and ICS technology.

The combination of this pressure with worsening staffing pressures has led to some trends that will inevitably continue into 2023:

1. The Air Gap is Almost Completely Gone

The need for all this data to be pushed to IT and the cloud, so it can be analyzed for increases in efficiency and resiliency, has meant that previously isolated legacy OT systems (some decades old) may now be connected to IT systems that push OT data.

In fact, most industrial installations are managed in conjunction with the manufacturer because they require specific knowledge and skilled staff. As a result, many organizations have enabled some form of external network access or rely on manual mechanisms, such as USBs or direct networking connectivity.

In parallel, new IIoT/IoT programs have introduced devices connected directly to the enterprise network, enabling even more remote operations, and exposing new entry points.

Trying to apply modern security principles like Zero Trust has proven to be difficult, error-prone, and in some instances insufficient given the change in system interoperability.

Now that the dust has settled, organizations realize they need real-time and continued trust enforcement that works for OT environments including their critical Industrial Control Systems (ICS) and networks.

Continuous monitoring and Zero Trust fill the gaps that have been left exposed in industrial environments. What is needed is a new-generation security solution that continuously secures connected devices spread across industrial, IT, and cloud environments.

2. Cloud and Software as a Service Powers Digital Transformation

Technology adoption in industrial environments is typically slower due to its inherent complexity and longer life cycle, but managing OT and ICS systems on-site has proven to be very challenging during and after the pandemic.

Vendors and integrators are now offering various forms of cloud implementations, such as private, public, or hybrid cloud – each with its own benefits and risks.

At the same time, new digital native players emerge in every market segment, creating fierce competition for companies that need to integrate their legacy heritage with new technology adoption. Business leaders understand the need to take a strategic approach and embed digital technology along the value chain to remain relevant and obtain a competitive advantage.

3. MSSPs are Increasingly Becoming Dominant

While critical systems and infrastructures are left under-protected, an estimated 3.12 million cyber security professionals are required to fill the current talent gap, according to an ISC report conducted in 2021. The journey of IT/OT convergence exposes an even greater challenge, as OT security skills specifically seem to be a rare gem.

Worse yet, employers often find themselves in the unfortunate situation of training a new employee for their very specific environment, only to have that employee leave after 6 months for a higher salary.

In fact, according to Forbes, "Sixty-Four Percent Of SOC Analysts Will Leave Their Jobs This Year."

The end result of this, combined with the previous two trends, is that more and more companies simply outsource this problem to MSSPs.

To implement and support their IT/OT integration with limited human capital, organizations and their MSSPs are looking for technologies that provide the highest level of efficiency.

  • Automation and Playbooks reduce repetitive tasks and enhance response times
  • Behavior Pattern Detection and Artificial Intelligence deliver threat-awareness that no human effort could provide
  • IT systems and staff find themselves sharing tools and support cycles with their OT brethren

4. The Number of Published Vulnerabilities is Exploding

The exposure of these systems – many of them designed decades ago – to the Internet has added to the ongoing trend of an exploding number of found vulnerabilities. In fact, over 8,000 vulnerabilities were published in Q1 of 2022. This is about a 25 percent increase from the same period the year prior.

Asset vulnerability management really needs to go beyond simple vulnerability scanning so you can focus on high-risk vulnerabilities that can cause costly disruptions:

  • A real-time and continual assessment of vulnerabilities across the entire enterprise
  • Identifying risk for all known vulnerabilities, according to business criticality, which allows for prioritizing which vulnerabilities need to be addressed first
  • Continual program management of the lifecycle of devices and their vulnerabilities

Every time a new high-severity vulnerability/CVE is published, vulnerability analysts need to cut to the chase and quickly determine the total risk it poses to the business based on all the impacted assets.

5. Governments Around the World are Now Fully Committed to Reducing the Risk

The U.S. government is taking a series of measures to bolster the nation’s cybersecurity. Initiatives include cybersecurity executive orders to modernize the federal government’s digital infrastructure as well as heavy nationwide investments in the bipartisan infrastructure bill.

Improving the security and resilience of OT and ICS is now one of CISA’s top priorities. Not a week goes by without a new security bulletin delivered by their Industrial Control Systems Cyber Emergency Response Team (ICS-CERT). A recent event exposed how Advanced Persistent Threat (APT) actors developed custom-made tools that enabled them to scan for, compromise, and control ICS/SCADA devices, including systems from Schneider Electric, OMRON Sysmac and OPC Unified Architecture (OPC UA) servers.

ENISA, the European Union Agency for Cybersecurity, plays a similar role on the European continent.

At some point, every organization comes to realize that converged OT/IT/IIoT security requires a proactive approach to risk awareness, management, and mitigation. As governments around the world are ramping up their efforts to reduce the risks, now is the time for strategic platform investments that secure and enable your business.

In light of the current state of OT connectivity, the shortfall in talented OT SOC analysts, and the speed at which the attack landscape evolves, any technology investment should aim to meet the following requirements:

  • Complete: Full asset visibility across the enterprise's entire attack surface
  • Continuous: Providing needed real-time awareness of asset connections and behaviors
  • Intelligent: To better prioritize vulnerabilities and incidents
  • Automated: Allowing for faster response to threats and operational events
