TÜV Rheinland: Cyber risks for industrial plants underestimated

TÜV Rheinland and Ponemon Institute publish worldwide study on the Cybersecurity of industrial plants / Operational Technology particularly at risk / Holistic view of industrial plant security lacks / all information at https://go.tuv.com/otsurvey-2020

Cyberattacks can threaten the industrial facilities of companies even more than their IT systems. However, a holistic view of the security of industrial plants is often lacking. This is a key finding of a recent study on security in industrial companies by TÜV Rheinland and the Ponemon Institute.

Operational Technology in the sights of the hackers

Operational Technology (OT) is the main target for cyberattacks on industrial plants. These are devices and systems that control or monitor industrial processes – such as motors, pumps or valves. “OT systems differ in function and technology from classic corporate IT. At the same time, successful cyberattacks on OT systems often cause particularly high levels of damage to the companies affected”, explains Petr Láhner, Executive Vice President of the Business Stream Industrial Service & Cybersecurity at TÜV Rheinland. “We have therefore placed the Cybersecurity of Operational Technology at the center of our study, following on from the findings of the first study on this subject in 2019”.

Measures for IT and OT systems not coordinated

For the “2020 Study on the State of Industrial Security”, the independent market research company Ponemon Institute surveyed more than 2,200 cybersecurity experts worldwide from the automotive, health and pharmaceutical, logistics and transport, mechanical engineering, oil and gas and utility sectors. The Ponemon Institute, based in Traverse City, Michigan, is dedicated to independent research on information and privacy management in companies.

The following results show how much cyberattacks endanger OT systems:

• More than half of the respondents (57 percent) say that their companies firmly expect attacks on OT systems.
• Almost half (48 percent) are convinced that cyber threats pose a greater risk to OT systems than to the IT environment.
• Almost two thirds (63 percent) of those surveyed stated that security measures for IT and OT systems are not coordinated in their companies.
• For almost half of the respondents (47 percent), cyber threats to OT systems have increased over the past year. These include attacks such as phishing, social engineering and extortion software (“ransomware”).

“From our point of view, it is crucial that companies tailor their cybersecurity measures to the specific requirements in Operational Technology. For example, some control systems may have limited cybersecurity controls in place and could subsequently be vulnerable to cyber threats. To do this, companies have to assess their OT cyber risk and invest time and money for best effect. It is alarming that in the view of the experts surveyed, there are too few financial or professional resources available for OT security. In addition, a holistic view of the security of industrial plants is often still lacking. In an increasingly networked world, industrial plants are only really secure if both their IT and OT cybersecurity is addressed”, Láhner says.

The “Study 2020 on the State of Industrial Security” is available for free download at https://go.tuv.com/otsurvey-2020.