Threat Intelligence

Rise of Cyber Threats in the ICS/OT Sector: A Call to Action

Key Insights

Cyber attacks on Industrial Control Systems (ICS) and Operational Technology (OT) are rapidly increasing, with cyber criminals targeting essential sectors like utilities, energy, manufacturing, and transportation. As these attacks become more advanced, it is important for organizations in the ICS/OT sector to focus on improving their cyber security posture to protect their operations.

Who should read this?

  • Organizations – Businesses and security teams responsible for managing industrial control systems, including energy, water, and transportation.

What is happening?

ICS and OT encompass the systems and technologies that control and monitor physical processes in industrial environments. These systems include everything from power grids and water treatment plants to manufacturing lines and transportation systems. A successful cyber attack on these systems can have severe consequences, not only causing operational disruption but also risking public safety and economic stability. The frequency of cyber attacks on ICS/OT systems has been steadily increasing, with a sharp rise in incidents over the last decade. In fact, Gartner predicted in 2021 that cyber criminals would exploit OT or ICS systems to cause harm or even take lives by 2025.

For example, recently:

  • Cyber attack on U.S. power grid – Chinese hackers infiltrated the U.S. electrical grid, staying undetected for over 300 days and potentially leaving the power grid vulnerable to cyber attacks.
  • Ransomware targeting water utilities – The Black Basta ransomware attack crippled Southern Water’s operations, costing millions in recovery and lost productivity.
  • Critical infrastructure attacks worldwide – In 2024, threat actors targeted industrial control systems, highlighting how the risks to critical systems continue to rise globally.

As highlighted in a Forbes report, OT security has become a growing priority for organizations in industries like energy, utilities, and manufacturing. Despite growing awareness, many OT and ICS systems, built decades ago, still lack proper cyber security measures. Microsoft reports that 71% of ICS devices use outdated operating systems, 64% have unencrypted passwords, and 66% lack automatic updates. Due to the need for continuous operation, patches are often avoided, leaving 65% of vulnerabilities unaddressed. Additionally, around a third of OT organizations disable security systems because current tools aren’t compatible with their automation.

Why does it happen?

  1. Outdated technology – Many ICS/OT systems rely on old technology that is not periodically updated, leaving them vulnerable to exploitation by attackers.
  2. High-value targets – ICS/OT systems control essential services, making them prime targets for cyber criminals looking to cause disruption or demand ransom.
  3. Poor digital implementation – As ICS/OT systems adopt more digital technologies, poor implementation and a lack of proper security create vulnerabilities, giving cyber criminals opportunities to attack.

What’s the risk?

  • Disruption of industrial operations – A cyber attack on ICS/OT systems can halt manufacturing processes, energy distribution, or water management, disrupting essential services and impacting public safety and economic activity.
  • Financial losses – Recovering from a cyber attack on ICS/OT systems can be extremely costly, including ransom payments, downtime, and expenses related to restoring operational systems and services.
  • Data leaks – Cyber attacks in the ICS/OT sector can expose sensitive OT information such as network and engineering diagrams, images of operator panels, and details about third-party services, employees, processes, and ongoing projects.

How can ICS/OT organizations defend against cyber attacks?

  1. Limit system access – Restrict access to critical systems based on employee roles to ensure that only authorized individuals can interact with sensitive infrastructure, minimizing the chance of accidental or malicious exposure.
  2. Secure communication channels – Ensure that all communication across systems is protected. This includes securing remote connections, data exchanges, and control commands to prevent unauthorized access or interception by malicious actors.
  3. Manage third-party relationships carefully – Be cautious when working with external vendors or contractors who have access to your systems. It is essential to ensure they follow strong cyber security practices to avoid introducing vulnerabilities or risks into your environment.
  4. Monitor system activity proactively – Continuously track system performance and user activity. This helps identify unusual patterns that may indicate a security issue, allowing teams to take action before a full-blown attack can occur.
  5. Isolate critical systems – Separate essential systems from others in your network. By segmenting networks and controlling traffic flow, you can enhance the security of critical systems and minimize the impact of potential breaches.
  6. Strengthen authentication processes – Implement stronger security measures for accessing systems, such as multi-factor authentication. This adds an additional layer of protection, making unauthorized access more difficult even if login credentials are compromised.
  7. Keep systems updated – Periodically update all software, devices, and systems to address known vulnerabilities. Ensuring that patches and security updates are applied helps reduce the risk of attacks targeting outdated technology.
  8. Develop an incident response strategy – Establish a clear plan for responding to cyber incidents. This should include guidelines for containing the threat, restoring operations, and communicating effectively with stakeholders to minimize damage and recovery time.
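The following is an added illustration, not code from the advisory or from any of the vendors it cites, of how recommendations 1, 4 and 5 above fit together in practice: an engineering-approved baseline of which zones may talk to which (segmentation), which hosts may issue write or configuration commands to controllers (role-based access), and a scan that flags any logged flow falling outside that baseline (proactive monitoring). The log format, zone names, IP addresses, protocol labels and maintenance window are all assumptions constructed for the example; a real OT sensor emits richer records, but the allow-list logic is the same.

```python
"""Baseline-driven monitoring of OT network flows (constructed example).

Assumed log format (one flow per line, space separated):
    <iso-timestamp> <src_ip> <src_zone> <dst_ip> <dst_zone> <proto> <action>
Zones are IT, DMZ or OT; action is a coarse label such as read, write or config.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime


@dataclass(frozen=True)
class Flow:
    ts: datetime
    src: str
    src_zone: str
    dst: str
    dst_zone: str
    proto: str
    action: str


# Constructed baseline: the only cross-zone conversations engineering has approved.
# Key is (src_zone, dst_zone, proto, action); any other zone crossing is flagged.
ALLOWED_CROSS_ZONE = {
    ("DMZ", "OT", "opc-ua", "read"),   # historian in the DMZ polls the OT segment
    ("OT", "DMZ", "opc-ua", "read"),   # OT replies back to the historian
}

# Constructed role assignment: hosts permitted to write to or reconfigure controllers.
ENGINEERING_HOSTS = {"10.20.0.5"}

# Hours (local) during which configuration changes are expected; writes outside are flagged.
MAINTENANCE_HOURS = range(8, 18)

# Constructed sample log; line 1 and 2 match the baseline, lines 3 to 5 do not.
SAMPLE_LOG = [
    "2024-05-02T09:15:00 10.20.0.5 OT 10.20.0.50 OT modbus write",
    "2024-05-02T09:16:00 10.30.0.7 DMZ 10.20.0.50 OT opc-ua read",
    "2024-05-02T02:40:00 10.20.0.5 OT 10.20.0.51 OT modbus config",
    "2024-05-02T10:02:00 10.10.0.23 IT 10.20.0.50 OT modbus write",
    "2024-05-02T10:05:00 10.20.0.9 OT 10.20.0.50 OT modbus write",
]


def parse_line(line: str) -> Flow:
    """Split one log line into a Flow; raises ValueError on a malformed line."""
    ts, src, src_zone, dst, dst_zone, proto, action = line.split()
    return Flow(datetime.fromisoformat(ts), src, src_zone, dst, dst_zone, proto, action)


def evaluate(flow: Flow) -> list[str]:
    """Return the policy violations this flow triggers; an empty list means it is in baseline."""
    findings: list[str] = []

    # Segmentation check: traffic crossing a zone boundary must be on the approved list.
    if flow.src_zone != flow.dst_zone:
        key = (flow.src_zone, flow.dst_zone, flow.proto, flow.action)
        if key not in ALLOWED_CROSS_ZONE:
            findings.append(
                f"cross-zone {flow.src_zone}->{flow.dst_zone} "
                f"{flow.proto}/{flow.action} not in baseline"
            )

    # Role check: only engineering hosts change controller state, and only in the window.
    if flow.action in ("write", "config") and flow.dst_zone == "OT":
        if flow.src not in ENGINEERING_HOSTS:
            findings.append(
                f"{flow.action} to controller {flow.dst} from non-engineering host {flow.src}"
            )
        elif flow.ts.hour not in MAINTENANCE_HOURS:
            findings.append(
                f"{flow.action} to controller {flow.dst} outside maintenance window"
            )
    return findings


def scan(lines: list[str]) -> list[tuple[int, list[str]]]:
    """Return (1-based line number, findings) for every line that deviates from baseline."""
    results = []
    for number, line in enumerate(lines, start=1):
        findings = evaluate(parse_line(line))
        if findings:
            results.append((number, findings))
    return results


if __name__ == "__main__":
    for number, findings in scan(SAMPLE_LOG):
        for finding in findings:
            print(f"line {number}: {finding}")
```

Running the block over the constructed log reports nothing for the first two lines, an out-of-window configuration change on line 3, two separate findings on line 4 (an IT host both crossing into the OT zone and issuing a write), and an unauthorised write from a second OT host on line 5. The point of building the baseline as an explicit allow-list rather than a deny-list is that a new device, vendor connection or protocol shows up as a deviation the day it appears, which is exactly the early signal recommendation 4 asks for.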

References

  1. Southern Water Says Black Basta Ransomware Attack Cost $45M in Expenses
  2. UAC-0212 Hackers Launching Destructive Attack
  3. 3 Things Industrial Control System Enterprises Should Do to Boost Cyber Resilience
  4. Secure Your OT and IoT Devices with Microsoft Defender for IoT and Quzara CyberTorch
