Fortinet 2019 Operational Technology Security Trends Report

In order for organizations to respond more quickly to the evolving marketplace, digital transformation efforts need to be extended into every corner of the distributed network. To increase efficiencies in places like manufacturing floors, energy production and delivery, or interconnected transportation systems, operational technology (OT) environments are being connected to the outside world for the first time.

This trend promises real benefits, such as remote monitoring and real-time response to market changes. But adding components like Windows-based Open Platform Communications (OPC) servers, or integrating IT-enabled devices, also exposes OT systems to threats they are not prepared to defend against. The "air gap" that once protected OT systems from attackers and malware no longer exists at many organizations, and as a result, adversaries are increasingly targeting OT systems to steal trade secrets, disrupt operations, or even commit acts of cyber terrorism against critical infrastructure.

2019 Operational Technology Security Trends Report

To better understand the state of security in OT systems, Fortinet recently published a research report that examines security trends for OT networks. The Fortinet 2019 Operational Technology Security Trends Report analyzed data gathered from millions of Fortinet devices to discern the state of cybersecurity for supervisory control and data acquisition (SCADA) and other industrial control systems (ICS). Our analysis found that because many OT systems include older devices running unpatched software, OT networks are increasingly being targeted by IT-based legacy attacks that are no longer effective against IT networks. However, we are also seeing a disturbing rise in purpose-built OT attacks designed to target SCADA and ICS systems.

As might be expected, the majority of these attacks target the weakest parts of OT networks, taking advantage of the complexity caused by a lack of protocol standardization and of the implicit trust built into many OT environments, where protocols such as Modbus carry no authentication at all and any host that can reach a controller can issue commands to it. This trend is not limited to specific locales or sectors. Threat actors targeting OT environments clearly do not discriminate by industry or geography, as every vertical and region saw a significant rise in attacks.

Key takeaways from our 2019 Operational Technology Security Trends Report include the disturbing finding that exploits increased in volume and prevalence in 2018 for almost every ICS/SCADA vendor. In addition to the recycled IT attacks being thrown at unpatched or non-updated OT devices, 85% of the unique threats detected targeted machines running OPC Classic, BACnet, or Modbus.

IT-based Attacks Are Increasingly Targeting OT Systems

The 2019 Operational Technology Security Trends Report indicates that cybercriminals tend to use legacy IT-based threats to attack OT systems, not only because those systems often run older technology such as unpatched applications and operating systems, but also because OT security operations are frequently less mature, having traditionally relied on air-gapped isolation from the IT network for protection.

In addition, cybercriminals target devices through the wide variety of OT protocols in place. While IT protocols have been standardized for many years, OT systems use a wide array of protocols, many of them specific to particular functions, industries, and geographies. Cybercriminals have actively capitalized on this by targeting each protocol in turn, counting on the profusion of protocols to keep OT managers from having a clear picture of which protocols are actually in use on their networks or what their inherent weaknesses are. Often, older and more complex vendor offerings carry more vulnerabilities than newer, more streamlined products. And as with legacy IT-based malware attacks, these structural problems are made worse by poor security hygiene practices within many OT environments.
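The visibility gap described above, and the implicit trust noted earlier, can be addressed in part by passively inventorying which OT protocols are on the wire and checking who is issuing state-changing commands. The following Python script is an added example, not code from the Fortinet report or this post: it parses Modbus/TCP (MBAP header plus function code) and BACnet/IP (BVLC header) frames, builds a per-protocol inventory of talking hosts, and raises an alert whenever a Modbus write function (FC 5, 6, 15, 16, 22, 23) comes from a host outside an allowlist of engineering workstations, since Modbus itself performs no authentication. The host addresses, the allowlist, and the sample frames are constructed for illustration; traffic on the DNP3 port (20000) is deliberately left unparsed to show how an unrecognized protocol shows up as a blind spot in the inventory.

```python
"""Passive OT protocol inventory plus a check for unauthenticated Modbus writes.

Added example. Parses Modbus/TCP and BACnet/IP frames from constructed sample
traffic, reports which protocols are in use and by whom, and flags Modbus write
requests from hosts that are not allowed to change controller state.
"""
import struct
from typing import Optional

MODBUS_TCP_PORT = 502
BACNET_IP_PORT = 47808  # 0xBAC0
DNP3_PORT = 20000       # present in the sample traffic but not parsed here

# Modbus function codes that change controller state. Modbus has no
# authentication, so any host that can reach port 502 can issue these.
MODBUS_WRITE_FUNCTIONS = {
    5: "Write Single Coil",
    6: "Write Single Register",
    15: "Write Multiple Coils",
    16: "Write Multiple Registers",
    22: "Mask Write Register",
    23: "Read/Write Multiple Registers",
}


def parse_modbus_tcp(payload: bytes) -> Optional[dict]:
    """Parse the 7-byte MBAP header and the function code that follows it.

    MBAP: transaction id (2), protocol id (2, always 0), length (2), unit id (1).
    The length field counts the unit id plus the PDU, i.e. len(payload) - 6.
    Returns None if the bytes are not a well-formed Modbus/TCP frame.
    """
    if len(payload) < 8:
        return None
    tid, proto, length, unit = struct.unpack(">HHHB", payload[:7])
    if proto != 0 or length != len(payload) - 6:
        return None
    fc = payload[7]
    return {"protocol": "modbus", "transaction": tid, "unit": unit,
            "function": fc & 0x7F, "exception": bool(fc & 0x80)}


def parse_bacnet_ip(payload: bytes) -> Optional[dict]:
    """Parse the BVLC header of a BACnet/IP datagram (type 0x81, function, length)."""
    if len(payload) < 4 or payload[0] != 0x81:
        return None
    bvlc_function = payload[1]
    bvlc_length = struct.unpack(">H", payload[2:4])[0]
    if bvlc_length != len(payload):
        return None
    return {"protocol": "bacnet", "bvlc_function": bvlc_function}


def classify(dst_port: int, payload: bytes) -> dict:
    """Identify the OT protocol of one packet by destination port and header shape."""
    if dst_port == MODBUS_TCP_PORT:
        parsed = parse_modbus_tcp(payload)
    elif dst_port == BACNET_IP_PORT:
        parsed = parse_bacnet_ip(payload)
    else:
        parsed = None
    return parsed or {"protocol": "unknown"}


def audit(packets, allowed_writers) -> dict:
    """Build a protocol inventory and alerts from (src_ip, dst_port, payload) tuples."""
    inventory: dict = {}
    alerts = []
    for src, dst_port, payload in packets:
        info = classify(dst_port, payload)
        inventory.setdefault(info["protocol"], set()).add(src)
        if (info["protocol"] == "modbus"
                and info["function"] in MODBUS_WRITE_FUNCTIONS
                and src not in allowed_writers):
            alerts.append(f"{src} sent {MODBUS_WRITE_FUNCTIONS[info['function']]} "
                          f"to unit {info['unit']} but is not an allowed writer")
    return {"inventory": {k: sorted(v) for k, v in inventory.items()},
            "alerts": alerts}


# Constructed sample traffic (addresses and frames are illustrative, not captured).
SAMPLE_PACKETS = [
    # HMI reads 10 holding registers from unit 1: FC 3, start 0, count 10
    ("10.0.1.10", 502, b"\x00\x01\x00\x00\x00\x06\x01\x03\x00\x00\x00\x0a"),
    # Unknown host writes a single coil ON: FC 5, address 1, value 0xFF00
    ("10.0.9.77", 502, b"\x00\x02\x00\x00\x00\x06\x01\x05\x00\x01\xff\x00"),
    # Engineering workstation writes a single register: FC 6, address 16, value 42
    ("10.0.1.20", 502, b"\x00\x03\x00\x00\x00\x06\x01\x06\x00\x10\x00\x2a"),
    # BACnet Who-Is broadcast: BVLC Original-Broadcast-NPDU, 12 bytes total
    ("10.0.2.5", 47808, b"\x81\x0b\x00\x0c\x01\x20\xff\xff\x00\xff\x10\x08"),
    # DNP3 link-layer start bytes on port 20000: not parsed, lands in "unknown"
    ("10.0.3.3", DNP3_PORT, b"\x05\x64\x05\xc0\x01\x00\x00\x04\xe9\x21"),
]
ALLOWED_WRITERS = {"10.0.1.20"}  # constructed allowlist of engineering workstations

if __name__ == "__main__":
    result = audit(SAMPLE_PACKETS, ALLOWED_WRITERS)
    for proto, hosts in result["inventory"].items():
        print(f"{proto:8s} {', '.join(hosts)}")
    for alert in result["alerts"]:
        print("ALERT:", alert)
```

Feeding this from a live capture is a matter of replacing SAMPLE_PACKETS with (source, destination port, TCP/UDP payload) tuples from a packet-capture library; the "unknown" bucket is the list of protocols you still have no parser for, which is exactly the blind spot the report describes.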

Custom OT Attacks Also On The Rise

Malware targeted specifically at ICS and SCADA systems has been developed and deployed for a decade or longer. While examples are not numerous, attacks designed specifically for OT systems now appear to be on the rise, with safety systems increasingly a target.

A handful of OT-based attacks over the past decade have made headlines, including Stuxnet, Havex, BlackEnergy, and Industroyer. Most recently, Triton/Trisis targeted safety instrumented system (SIS) controllers, specifically Schneider Electric Triconex devices. This attack is especially concerning because it is the first known attack aimed directly at the safety layer of an industrial process: where earlier cyber-physical malware such as Stuxnet targeted the control layer, Triton went after the equipment whose job is to shut a process down safely when something goes wrong. The outcome of a successful attack on a safety system could be far worse than a simple outage, potentially destroying machinery and threatening lives.

And as with legacy IT-based attacks, older OT attacks continue to reappear. For example, there was a spike in intrusion attempts using Industroyer in the first half of 2018. First seen in the December 2016 attack on a transmission substation in Kyiv and publicly analyzed in 2017, Industroyer was designed to disrupt the working processes of industrial control systems used in electrical substations, using its own implementations of grid protocols such as IEC 60870-5-101/104, IEC 61850, and OPC DA. In spite of the publicity surrounding its use against the Ukrainian grid, it still managed to impact unprotected systems. This suggests not only that cybercriminals are determined to extract maximum value from existing malware, but also that a general lack of security prioritization means legacy attacks will continue to succeed against critical infrastructure.


The Fortinet 2019 Operational Technology Security Trends Report shows that the risks associated with IT/OT convergence are real and need to be taken seriously by any organization that has begun to connect its ICS/SCADA systems to its IT network.

Malicious actors extract maximum value from each new threat they develop by continuing to exploit the unprotected systems and vulnerabilities that persist in both older and newer networks and technologies. They will also continue to exploit the slower replacement cycles and legacy technologies that are likely to remain in place for years unless OT organizations proactively adopt a more security-centered approach to IT integration and convergence. The best way to counter this reality is a comprehensive strategic approach that involves the entire organization, rather than piecemeal controls bolted on after connectivity has already been added.

Learn more about securing operational technology that controls critical infrastructures such as pipelines, electric grids, transportation systems, and manufacturing plants, with Fortinet.

Read these customer use cases to find out how Echoenergia and this major oil and gas company used Fortinet to protect their distributed networks and critical infrastructure.

Access the full 2019 Operational Technology Security Trends Report.

*** This is a Security Bloggers Network syndicated blog from Fortinet All Blogs authored by Fortinet All Blogs. Read the original post at: