Attacks against operational technology (OT) and industrial control systems (ICS) grew dramatically in the past few years. Indeed, a 2020 report found that digital attacks against those two kinds of assets increased by over 2000% between 2018 and 2020. Many of those attacks involved vulnerabilities in Supervisory Control and Data Acquisition (SCADA) systems and other ICS hardware components or password spraying techniques.

These types of security incidents are dangerous, as malicious actors can potentially misuse affected OT and ICS systems to disrupt critical national infrastructure (CNI). The power grid, interstate highways and water treatment plants are all examples of CNI in that they’re all essential to a country’s national security and that nation’s public safety. Notwithstanding their importance, teams have run into some challenges with securing CNI in the past.

This raises some important questions. How prepared are CNI organizations to defend themselves against digital attacks? What are the risks they face? And what are they doing to overcome them?

To answer those questions, Bridewell Consulting commissioned independent research organization Censuswide to conduct research among 250 UK security and IT decision-makers (ITDMs) across aviation, chemicals, energy, transport, and water. Those individuals’ responses illuminate how CNI organizations are feeling about their OT/ICS security. They also reveal areas where organizations can focus their time and money to better defend themselves going forward.

A Lack of OT Security Confidence

Bridewell Consulting found in its survey that many respondents were concerned about their employer’s OT system security. One-fifth of survey participants said that they weren’t confident in those efforts at their workplace. Specifically, 16% said they were “not very confident,” while 4% admitted they were “not confident at all.”

The reality is that CNI organizations face many digital risks. Take legacy systems, aging OT assets that are years if not decades old (Read more...)