One sentence summary – The SANS Institute’s survey reveals a decrease in budgets for industrial control systems (ICS) and operational technology (OT) security in 2023 compared to 2022, with over 21% of respondents lacking a dedicated cybersecurity budget for ICS/OT; however, more than 60% of organizations plan to invest in products that enhance visibility into control system assets and configurations, and 30% plan to invest in anomaly and intrusion detection tools for control system networks, in response to growing concerns.
At a glance
- SANS Institute survey shows decrease in budgets for ICS/OT security in 2023 compared to 2022
- 21% of respondents have no dedicated cybersecurity budget for ICS/OT
- 60% of organizations plan to invest in products that enhance visibility into control system assets and configurations
- 30% of organizations plan to invest in anomaly and intrusion detection tools for control system networks
- 38% of respondents report that threat actors gain access to ICS/OT systems after compromising IT systems
The details
The SANS Institute has conducted a survey revealing a significant decrease in budgets allocated for the security of industrial control systems (ICS) and operational technology (OT) in 2023 compared to 2022.
Over 21% of respondents indicated that they don’t have a dedicated cybersecurity budget for ICS/OT.
This is a notable increase from 7% in 2022.
In response to growing concerns regarding ICS/OT security, more than 60% of organizations are planning to invest in products that enhance visibility into control system assets and configurations within the next 18 months.
Additionally, 30% of organizations are planning to invest in anomaly and intrusion detection tools specifically designed for control system networks.
The survey also highlighted that threat actors often gain access to ICS/OT systems after compromising IT systems, as reported by 38% of respondents.
The initial attack vector for compromising ICS/OT systems typically involves IT systems.
This is followed by engineering workstations, external remote services, and exploited internet-exposed applications.
Regarding penetration testing efforts
more than half of the respondents target Level 3 and the DMZ of the Purdue Model.
The Purdue Model represents the boundary between the enterprise network and the control system network.
Additionally, 40% of respondents also target Level 2 (HMI and SCADA systems) and Level 4 (enterprise network) in their penetration testing efforts.
Threat intelligence plays a crucial role in defending against these attacks.
The survey found that 61% of respondents rely on publicly available information for threat intelligence.
While 30% rely on security vendor-provided intelligence.
Furthermore, over 40% of respondents leverage information sharing partnerships, IT threat intelligence, and intelligence provided by ICS manufacturers or integrators for threat intelligence purposes.
The SANS report also addresses other aspects, such as the use of cloud services for ICS/OT systems, incident response practices, and patch management.
It provides comprehensive insights into the current state of ICS/OT security and offers valuable recommendations for organizations in this field.
Note: This brief encompasses all of the available facts and information from the provided list.
Article X-ray
Here are all the sources used to create this article:
A downward sloping line graph representing decreasing budgets for ICS/OT security in 2023.
This section links each of the article’s facts back to its original source.
If you have any suspicions that false information is present in the article, you can use this section to investigate where it came from.
| securityweek.com |
|---|
| – The budgets allocated for the security of industrial control systems (ICS) and operational technology (OT) have decreased significantly in 2023 compared to the previous year, according to a survey by the SANS Institute. – |
| Over 21% of respondents said they don’t have an ICS/OT cybersecurity budget, a significant increase from 7% in 2022. – More than 60% of organizations plan on investing in products to increase visibility into control system assets and configurations in the next 18 months. – 30% of organizations plan on investing in anomaly and intrusion detection tools for control system networks. |
| – Threat actors often gain access to ICS/OT systems after compromising IT systems, according to 38% of respondents. – |
| The initial attack vector for compromising ICS/OT systems is often through IT systems, followed by engineering workstations, external remote services, and exploited internet-exposed applications. – More than half of respondents target Level 3 and the DMZ of the Purdue Model in their penetration testing efforts. – 40% of respondents also target Level 2 (HMI and SCADA systems) and Level 4 (enterprise network) in their penetration testing efforts. – 61% of respondents rely on publicly available information for threat intelligence, while 30% rely on security vendor-provided intelligence. – Over 40% of respondents leverage information sharing partnerships, IT threat intelligence, and ICS manufacturer or integrator intelligence for threat intelligence. – |
| The SANS report also covers the use of cloud services for ICS/OT systems, incident response practices, and patch management. |
English 
Portuguese 
Turkish 
Chinese 
German