A survey conducted by Pasadena-based Parsons revealed an alarming lack of integration of operational with information technology professionals within critical infrastructure facilities in the United States, which could lead to hacking and failures of vital facilities.
“Thousands of networked devices installed in critical infrastructure facilities are improving operating efficiency but increasing cyber risk,” said Carey Smith, President of Parsons’ Federal business unit. “The perfect storm has already formed, with more connected devices in the industrial controls environment creating numerous points of access for increasingly sophisticated attacks.”
Parsons undertook the survey to explore the state of cybersecurity risk in these facilities after the U.S. Department of Homeland Security said cybercrime damage would reach $6 trillion annually by 2021 – almost 10 percent of the world economy.
With more than 90 percent of critical infrastructure assets in America owned by private sector interests, understanding the degree to which OT and IT cyber solutions have converged is not a matter of simply asking federal government officials for a report. The answer lies with the employees, management, and boards of directors of the companies and cooperatives that operate critical infrastructure assets.
The survey emphasized the degree to which both information technology (IT) and operational technology (OT) have converged.
The 10-page report entitled “Parsons 2018 Critical Infrastructure Risk Assessment” and released Thursday reports the results and summarizes the opinions of 300 qualified respondents working as industrial control system (ICS) engineers in each of the critical
Parsons said attacks on both OT and IT critical infrastructure (CI) environments, including the 2015 Ukraine electric system disruption and the March 2018 Russian attack on the U.S. grid, are being reported by government and private sector infrastructure operators with increasing frequency.
In October 2017, the U.S. Department of Homeland Security and the Federal Bureau of Investigation issued a joint technical alert in response to advanced persistent threat data on attacks targeting U.S. energy, nuclear, water, aviation, and critical manufacturing organizations.
Cybersecurity standards organizations, including the National Institute of Standards and Technology (NIST), have called for solutions to the evolving threat landscape that enhance convergence of OT and IT technologies and processes to strengthen against threats to ICS and OT systems.
In the survey, 66 percent of the respondents indicates their organizations are adding more connected industrial internet of things (IIoT) devices to industrial control systems in the OT environment. Seventy-eight percent said they were not highly involved in ICS cybersecurity.
The Parsons report is downloadable from the company website, through www.parsons.com/cipsurvey.