SANS Survey Shows Drop in 2023 ICS/OT Security Budgets
Security Week – Eduard Kovacs
According to a survey conducted by the SANS Institute, organizations have significantly decreased their budgets for the security of industrial control systems (ICS) and operational technology (OT) in 2023 compared to the previous year.
The survey includes responses from over 700 individuals representing organizations of all sizes and various industry verticals.
The survey reveals that more than 21% of respondents reported not having an ICS/OT cybersecurity budget, a notable increase from 7% in 2022.
Most of the surveyed organizations have seen decreases in their budget allocations for ICS/OT cybersecurity when compared to the previous year.
Over the next 18 months, approximately 60% of organizations plan to invest in products that increase visibility into control system assets and configurations.
Around 30% of respondents plan to invest in anomaly and intrusion detection tools for control system networks.
SANS recommends that even organizations currently in a low budget cycle for 2023 should continue focusing on their ICS cybersecurity roadmap.
This includes spending on areas that provide the highest return to reduce the most significant known risks.
Suggested strategies include security awareness, using trusted ICS assessment tools such as those from MITRE, adopting a risk-based approach to vulnerability management, and aligning with the five ICS cybersecurity critical controls.
The survey indicates that in many cases, threat actors gain access to ICS/OT systems after compromising IT systems.
The initial attack vectors identified by respondents include compromised IT systems, engineering workstations, external remote services, and exploited internet-exposed applications.
Regarding penetration testing efforts, more than half of the respondents target Level 3 and the DMZ of the Purdue Model.
Level 3 includes customized OT devices that manage production, while the DMZ includes firewalls, patch management servers, application servers, and remote access servers.
Additionally, Level 2 (HMI and SCADA systems) and Level 4 (enterprise network) are targeted by over 40% of respondents.
The survey also explores the use of threat intelligence for improving OT defense posture.
Around 61% of respondents rely on publicly available information, while 30% rely on intelligence provided by security vendors.
More than 40% of respondents utilize information sharing partnerships, IT threat intelligence, and intelligence from ICS manufacturers or integrators.
The SANS report covers other topics such as the use of cloud services for ICS/OT systems, incident response practices, and patch management.
Link: https://www.securityweek.com/sans-survey-shows-drop-in-2023-ics-ot-security-budgets/
SANS Survey Shows Drop in 2023 ICS/OT Security Budgets
Categories:
Tags: