According to the research, nearly 60 percent of cyberattacks against the industrial sector were led by state-affiliated actors.

MILWAUKEE—Industrial automation company Rockwell Automation, Inc., recently revealed the findings of its report, “Anatomy of 100+ Cybersecurity Incidents in Industrial Operations.” The global study, conducted by cybersecurity research firm Cyentia Institute, analyzed 122 cybersecurity events that included a direct compromise of operational technology (OT) and/or industrial control system (ICS) operations, collecting and reviewing nearly 100 data points for each incident, according to a release from Rockwell Automation.

The first edition of the report found that nearly 60 percent of cyberattacks against the industrial sector are led by state-affiliated actors. These cyberattacks are often—about 33 percent of the time—unintentionally enabled by internal personnel. This corroborates other industry research showing that OT/ICS security incidents are increasing in volume and frequency, and are targeting critical infrastructure, such as energy producers, the company said.

“Energy, critical manufacturing, water treatment, and nuclear facilities are among the types of critical infrastructure industries under attack in the majority of reported incidents,” said Mark Cristiano, commercial director of Global Cybersecurity Services at Rockwell Automation, in the release. “Anticipating that stricter regulations and standards for reporting cybersecurity attacks will become commonplace, the market can expect to gain invaluable insights regarding the nature and severity of attacks and the defenses necessary to prevent them in the future.”

Based on incidents analyzed, OT/ICS cybersecurity incidents in the last three years have already exceeded the total number reported between 1991 and 2000. Threat actors are most intensely focused on the energy sector, the target of 39 percent of attacks—more than three times more than the next most frequently attacked verticals, critical manufacturing (11 percent of attacks) and transportation (10 percent). Phishing remains the most popular attack technique, representing 34 percent of cyberattacks and underscoring the importance of cybersecurity tactics such as segmentation, air gapping, Zero Trust, and security awareness training to mitigate risks, according to the release.

In more than half (53 percent) of OT/ICS incidents, supervisory control and data acquisition (SCADA) systems are targeted. Programmable logic controllers (PLCs) are the next-most-common target at 22 percent. More than 80 percent of threat actors come from outside organizations, yet insiders play an unintentional role in opening the door for threat actors in approximately one-third of incidents, the company said.

In the OT/ICS incidents studied, 60 percent were reported to have resulted in operational disruption; and 40 percent, in unauthorized access or data exposure. However, the damage of cyberattacks extends beyond the impacted enterprise, as broader supply chains were also impacted 65 percent of the time, according to the release.

The research indicates that strengthening the security of IT systems is crucial to combatting cyberattacks on critical infrastructure and manufacturing facilities. More than 80 percent of the OT/ICS incidents analyzed reportedly started with an IT system compromise, attributed to increasing interconnectivity across IT and OT systems and applications. The IT network enables communication between OT networks and the outside world and acts as an entryway for OT threat actors.

The release said that deploying proper network architecture is critical to strengthening an organization’s cybersecurity defenses. It is no longer enough to simply implement a firewall between IT and OT environments. Because networks and devices are connected daily into OT/ICS environments, this exposes equipment in most industrial environments to sophisticated adversaries. Having a strong, modern OT/ICS security program must be a part of every industrial organization’s responsibility to maintain safe, secure operations and availability.

“The dramatic spike in OT and ICS cybersecurity incidents calls for organizations to take immediate action to improve their cybersecurity posture, or they risk becoming the next victim of a breach,” said Sid Snitkin, vice president, Cybersecurity Advisory Services, ARC Advisory Group, in the release. “The threat landscape for industrial organizations is constantly evolving, and the cost of a breach can be devastating to organizations and critical infrastructure. The report’s findings underscore the urgent need for organizations to implement more sophisticated cybersecurity strategies.”