OT is now a part of most industrial organizations’ digitization and automation efforts. The Industry 4.0 technologies that help with connectivity, data analytics, intelligent automation, and advanced manufacturing have become the key differentiators across sectors.
Yet, the convergence of OT and IT has introduced new cyber risks. Let’s look back at the key moments and pivotal developments that shaped the OT cybersecurity landscape in 2023.
OT Cybersecurity Roundup 2023
The year 2023 wasn’t just another chapter in the field of OT cybersecurity. It was a turning point, a year when the once-distant threat of cyberattacks on operational technology (OT) and industrial control systems (ICS) became a chilling reality.
From sophisticated ransomware assaults on critical infrastructure to the chilling manipulation of water treatment plants, the year witnessed a rapid escalation in cybercrime targeting the very systems that keep our modern world running.
These weren’t mere inconveniences. They were wake-up calls, stark reminders of the vulnerabilities lurking beneath the surface of our interconnected world.
The “air gap” that once separated IT and OT has faded, and the once-isolated world of industrial systems is now firmly in the crosshairs of cybercriminals.
Hence, it is not surprising that the serious consequences of OT cyber attacks are giving many CISOs sleepless nights.
A couple of examples of OT cybersecurity attacks in 2023:
- California Water Treatment Attack 2023
- Ransomware attack on Global Food Giant Dole
As IT and OT systems come together, threats that used to exist in only one place are spreading. In 2023, PwC’s Global Digital Trust Insights report suggested that almost a third of big companies expect more attacks on their operational technology.
Gartner suggests OT environments will be weaponized by 2025, harming millions. In the face of all these cyber threats, no organization can afford to take a lax approach to OT cybersecurity.
It’s got to be a priority—something that gets thought about and budgeted for. Organizations that show they can bounce back from cyber issues will earn more trust from customers and partners, and that can make all the difference.
Having said that, amidst the darkness, glimmers of hope emerged. The year also saw a surge in awareness and investment in OT cybersecurity. Organizations, governments, and industry leaders finally recognized the gravity of the situation and began taking concrete steps to fortify their defences.
Once a distant dream, collaboration between IT and OT teams became a critical necessity. New security standards and regulations were drafted, and innovative solutions were brought to bear on the ever-advancing threat landscape.
OT Security Trends in Critical Tech 2023
People made more rules about reporting incidents where critical technology is concerned. The same will continue in 2024 as well. Germany recently made strict laws about this, and the USA is talking about it, too.
However, will these new rules make companies tell the public about cyberattacks that mess up things in the real world?
We may not hear about many more big incidents, but the new rules might make companies report smaller problems. If something big happens, like the power going out in a big city or a “boil water” warning because of a cyber problem, it’s hard to keep that a secret, even without new laws.
In the USA, the TSA (Transportation Security Administration) has been making new rules since last year for pipelines that carry stuff like oil and for trains. They’re doing this because of what happened with the Colonial Pipeline in 2021.
A big idea behind these rules is to keep the systems that control essential technology separate from regular computer systems. This way, if a cyberattack messes up the regular computer systems, the critical systems keep working fine.
In a way, this isn’t surprising. This was the whole point of working on cybersecurity for operational technology for the last decade—keeping the lights on, ensuring everyone has clean water, and so on. But, since the attack that shut down the Colonial Pipeline, the TSA has said this clearly for the first time.
On the engineering side, something potentially important happened in 2023. The US Department of Energy enhanced its report about the National Cyber-Informed Engineering Strategy. This report was first published in June 2022.
Instead of explaining how to do cyber-informed engineering, the report gives a few examples, says, “We need this,” and plans to create a body of knowledge for cyber-informed engineering.
So, what is it? The report discusses ways to physically stop cyberattacks, making them impossible. Engineers have been handling threats to public safety for a long time, and cyber threats are just another kind of threat that has to be considered in designing essential infrastructure.
Many of the methods engineers have used for a long time to stop unwanted incidents from happening also work against cyber threats, just as they have worked for a long time against equipment problems and human mistakes.
These tools in critical technology are not part of the cybersecurity solution world. However, they can be used to deal with OT cyber threats in real-world operations.
OT Cybersecurity Best Practices in 2023
Teams Collaborating Together
The old split between the IT and OT teams has disappeared. Now, teams work together, forming groups, learning each other’s jobs, and executing plans when something goes wrong.
This teamwork improves communication, helps everyone understand more, and strengthens defence against cyber threats.
Extensive efforts like the Cybersecurity and Infrastructure Security Agency (CISA) OT Cybersecurity Framework and the SANS ICS Security Summit help people share good practices. This working-together spirit is critical to staying on top of the always-changing cyber threats.
More Budget for OT Security
Organizations are now putting more money into keeping things secure. According to Gartner, OT security spending increased by 15% in 2023 compared to 2022. This doesn’t just mean buying firewalls and detection systems.
It also includes getting tools to manage problems, training for when something goes wrong, and having people dedicated to keeping things secure.
It’s not just about throwing money at the problem. Now, organizations are thinking more about security right from the start—from when they’re designing and buying systems all the way through to when they’re using and taking care of them.
Rules and Guidelines for Safety
We now have some rules to follow to keep important technology safe. Standards like NIST SP 800-160 and IEC 62443 advise us on ensuring OT environments are secure.
These rules tell us the best ways to check for risks, manage problems, and handle things when something goes wrong. They’re like a map for organizations to navigate the tricky world of OT cybersecurity.
Governments have also started paying attention and making rules. The EU’s NIS 2 Directive and the US’s Cybersecurity Act of 2022 say that organizations working in critical areas must be better at cybersecurity.
These rules are pushing organizations to spend more and develop new ideas.
New Ideas and Technologies
There are now cool new ideas to keep important technology safe. We have intelligent systems that use artificial intelligence to find threats, blockchain platforms to manage data securely, and advanced tools that spot unusual things.
These technologies give us good options for dealing with the unique challenges of securing industrial systems.
Human resources also play an important part in keeping essential infrastructure secure. Even with all the technology, it’s the people who can make things work. Organizations are spending more on training programs to teach everyone about cyber threats and the best ways to stay safe.
This includes telling employees about threats, practicing how to deal with fake cyberattacks, and making sure everyone knows how to respond when something real happens.
These are just a few good things that happened in 2023. Even though the fight against cyber threats isn’t finished, these positive changes are a silver lining.
By keeping up with technology, working together, following good rules, and teaching people, we can make a more robust future where important technology stays safe in the digital world.
Lessons Learned in 2023 to Concrete Actions in 2024
The past year wasn’t just filled with news; it was like a class on cyber warfare right at the core of our essential systems. From messing with a water treatment plant in Pennsylvania to sneaking into a North Texas water utility plant, each incident has taught security leaders something important.
But lessons are not enough; they need us to do something. So, what key things should security leaders turn into actual actions to strengthen their OT defences in 2024?
OT/ICS Is Not Untouchable
Remember when people thought air gaps and being physically isolated would keep systems safe? Those days are gone. The Colonial Pipeline hack in 2021 was a clear reminder, and the attacks in 2023, like those on the California water plant and the food giant Dole, prove that attackers are actively going after OT/ICS systems.
This means we need to change how we think about it. Security leaders should see OT/ICS environments as being as critical as IT systems.
Actionable Insight:
- Give more importance to OT security in your budget and how you use resources.
- Invest in teams just for OT security, train people specifically for this, and get robust security tools made for these systems.
- Break down the walls between IT and OT to work together and share what they know.
Beyond Ransomware—Disruption Is the New Game
Although ransomware is still a big problem, 2023 showed more attacks trying to mess up how things work and cause real problems.
The attacks on water treatment plants and power grids show that chaos could happen everywhere. This means we need to look at security more broadly, not just to keep data safe but to ensure things keep working well.
Actionable Insight:
- Look at all the weak points where attackers could get in and fix them.
- Make plans for when things go wrong, focusing on quickly stopping the problem and returning situations to normal.
- Put strong controls on who can access what in your network.
Human Error—The Persistent Foe
More and more individuals falling for scams or getting tricked by others, and even insiders causing trouble, continue to be significant problems. Individual mistakes are still a big part of OT cybersecurity. This means we need to both use technology and teach people about security.
Actionable Insight:
- Teach everyone working with OT/ICS about security through secured programs.
- Make a culture where everyone cares about security, reporting anything that seems strange, and following good practices.
- Use solutions that protect users and the endpoints they use to reduce risks from human mistakes.
Collaboration is the Key
Working together is the best way when everyone is facing the same problem. Making OT/ICS security work well means IT and OT teams need to work together.
It also means talking to people outside, like the government and others in the industry, to share information and resources.
Actionable Insight:
- Make teams, with both IT and OT individuals, that can respond to problems.
- Join groups where people talk about the latest threats and problems.
- Work with the government and security companies for expert advice and help.
These are just a few of the things we learned from the busy year of 2023. Security leaders need to turn these lessons into actions to make their OT/ICS systems robust and ready.
By making OT security more important, looking at operational safety, dealing with human mistakes, and working together, we can make a future where our critical systems can handle the forever-changing cyber threats.
The Potential Threat Trends in OT Cybersecurity 2024
Let’s dig into some important aspects we need to pay attention to in OT/ICS security for 2024 and beyond.
Country-backed cyber actions:
Forget just regular cybercriminals. Now, countries are getting involved and trying to mess up essential systems. They want to cause trouble, steal secrets, or gain a significant advantage.
The attack on the Shafir water treatment plant in Israel in 2023, linked to Iran, is a scary example of this. To tackle this, we need solid plans for national cybersecurity, countries working together, and ways to figure out who is behind these attacks.
AI becoming a key weapon in cyberattacks:
Artificial intelligence is not just in movies anymore. Hackers are starting to use AI in their attacks, creating intelligent tools for finding weaknesses, making harmful software, and even tricking people.
This “cyborg offensive” means we need better defences using AI, ways to spot unusual things, and plans for when these automated attacks happen.
Identifying the key figure behind the keyboard:
Figuring out who is doing the cyberattacks can take time and effort. With fancy tricks and secret ways to talk, it’s becoming harder to say who is responsible. This lack of clarity makes it difficult to respond when something goes wrong, makes it hard for countries to work together, and lets attackers get away with it.
Governments and security experts need to make it a priority to identify the machinery behind the OT attacks well in advance and stop them.
The internal risk:
Not all problems come from outside. Individuals who work for a company, contractors, or other companies can also cause big setbacks. They might have access to secret information or important systems.
To stop this, we need sound systems for managing who has access to what, always watching for problems, and ensuring employees know how to stay safe.
Real-world consequences:
Cyberattacks on critical OT systems aren’t just about stealing data or losing money. They can actually cause problems in the real world—like harming the environment, stopping essential services, or hurting people. The 2021 attack on the water treatment plant in Florida, where chemicals were messed with, is a clear example.
To handle this, we need good plans for when something goes wrong and to make sure vital systems are physically safe.
These are just a few things to think about for the future of OT/ICS security. We can make our essential systems stronger and safer if we recognize these issues and take steps ahead of time.
OT Cybersecurity Strategies for 2024
Changing Outlook
The idea that there’s a secure gap between our systems has been shattered. Incidents like the one in California have shown just how vulnerable critical infrastructure is. This harsh reality will make us rethink how we do security.
OT security won’t just be an extra factor to think about; it will be a top priority woven into how organizations plan things. Leaders will have to focus more on understanding risks, keeping an eye on systems all the time, and gathering information about potential threats.
Instead of just reacting when something goes wrong, they must actively look for potential problems.
Invest More Money
The days of not spending enough on OT security are over. The real-world problems caused by cyberattacks, like disrupted water supplies or power going out, have made it clear that not doing anything costs a lot, in terms of both money and society.
Organizations should spend a lot more on OT security, with budgets expected to go up by 20–30% in 2024, according to a Ponemon Institute report. This increase won’t just be throwing money around; it will be a smart investment to make systems stronger.
Projected OT/ICS Security Budget Increase in 2024
| Region | Increase | Source |
| --- | --- | --- |
| North America | 25–30% | Gartner 2024 Security Trends Report |
| Europe | 20–25% | Ponemon Institute 2023 Global OT/ICS Security Report |
| Asia-Pacific | 15–20% | SANS Institute OT/ICS Security Survey 2023 |
This extra money should be used in important areas:
- Dedicated OT security teams: Making teams of individuals who are experts in OT security, as suggested by the SANS Institute OT/ICS Security Survey 2023. These teams will focus on problems and how to deal with them.
- Integrated IT/OT security solutions: Breaking down the walls between different teams and making them work together, as Gartner’s 2024 Security Trends Report recommended. This will include using systems that work together, sharing information, and planning for when things go wrong.
- Finding and fixing weaknesses: Actively looking for and fixing problems before hackers can use them, as CISA Cybersecurity Advisory AA23-141A highlighted. Regular checks to find weaknesses, and tests to see how secure things are, will be important.
- Teaching About Cybersecurity: Giving people the knowledge and skills to notice and report strange things, as shown by the Ponemon Institute 2023 Global OT/ICS Security Report. Different training programs for different jobs (like operators, engineers, and bosses) will be necessary.
Breakdown of OT/ICS Security Investment Priorities in 2024
| Investment Area | Percentage Allocation |
| --- | --- |
| Dedicated OT Security Teams | 20% |
| Converged IT/OT Solutions | 15% |
| Vulnerability Management and Penetration Testing | 25% |
| Cybersecurity Awareness and Training | 15% |
| Other (Physical Security, Regulations) | 25% |
More Cyber Rules: Working Together to Stay Cyber Safe
The rules about cybersecurity should change. Governments and guiding bodies in industries should ensure organizations follow stricter rules and use standard ways to stay secure, like NIST SP 800-160 and IEC 62443.
This will ensure a basic level of security everywhere, lowering the chances of problems and making the whole system safer.
Following these stricter rules might be challenging for organizations. Still, resources like CISA’s Cyber Resilience Review (CRR) program and platforms that give information about threats specific to certain industries can help.
Programs like CISA’s Information Sharing and Analysis Center (ISAC) and groups that focus on specific industries show how effective working together can be.
Looking Forward: Building a Safe Future, Step by Step
The lessons from 2023 show us a path to a safer future, but it won’t be easy. Keep investing, stay committed, and work together to make the OT/ICS world safer. 2024 is a critical time.
Will the wake-up call from 2023 strengthen defences, or will the threats keep growing? The answer is in how we all act together.
Key Takeaways
Important Lessons to Remember
- We can’t think of OT/ICS systems as untouchable any more. Recent attacks on crucial systems like water treatment and power grids show that we need to change how we think about security.
- Companies need to make OT security an essential part of their plans. This means spending money on teams that know about operational technology, training them well, and using strong security measures that fit with industrial control systems.
- It’s better to be ready for problems before they happen. This means identifying and fixing weak areas, testing how things hold up in case of an attack, and having a good plan in place when something goes wrong.
- People are still a big part of security problems. So, everyone who works with OT/ICS systems must learn how to be safe online. This will help reduce mistakes that could cause problems.
- There must be stricter rules to ensure everyone follows good security practices. This includes using standard ways to stay safe, like NIST SP 800-160 and IEC 62443, to keep everything secure.
- Companies will have to spend more on OT security in 2024. They must focus on spending in critical areas to ensure safety.
- Cyberattacks can cost a lot of money. This makes spending money on OT security essential to saving money in the long run.
- OT security needs to keep getting better to stay ahead of new threats. This means identifying the best practices for security and learning from what happens when they are not followed.
How can Sectrio be a driving force in OT cybersecurity in 2024?
With advanced technology, expert help, and a collaborative approach, Sectrio is set to contribute to a more secure future for OT/ICS environments. As organizations focus on security, Sectrio is a trusted partner, providing tools, expertise, and support against evolving cyber threats.
We help you with:
Comprehensive Visibility:
- Easily see and identify every device in your OT/ICS setup.
- Keep track of changes, catch anything unusual, and find potential weak points.
Improved Threat Detection:
- Use advanced intelligence and AI analytics to spot suspicious activity early.
- Quickly identify anomalies, recognize malware signatures, and analyze behavior to stop threats in their tracks.
Unified Security:
- Break down barriers between IT and OT for a connected security approach.
- Share data seamlessly, respond to incidents, and ensure a united defence across the entire network.
Guidance and Support:
- Beyond tech, get expert guidance for navigating OT/ICS security.
- Benefit from vulnerability assessments, penetration testing, and specialized training for a proactive defence.
Collaborative Approach:
- Actively participate in industry forums and work with research institutions and government agencies.
- Foster a collaborative environment for sharing knowledge, developing best practices, and facing emerging threats together.