A SANS 2021 Survey: OT/ICS Cybersecurity
Reports
Executive Summary
The operational technology (OT)/industrial control system (ICS) security world continually adapts to meet new challenges and threats. This 2021 SANS OT/ICS Cybersecurity Survey explores how OT defenders across all industries meet these challenges and looks to areas where we can place more emphasis to help defend our critical infrastructure moving forward. This year’s survey focuses on actual and perceived risks, threats, information sources, and operational implementation challenges, as well as levels of investment in this important topic. This year, the results clearly show the rise of ransomware impacting critical infrastructure as a significant threat and an area of concern among respondents.
OT cybersecurity practitioners and boardrooms keep threats and perceived risks front of mind. Recent incidents such as the Colonial Pipeline ransomware attack and the JBS Foods ransomware highlight the complex threat environment these systems face. The results confirm this, with ransomware and financially motivated cybercrimes topping the list of threat vectors that cause respondents most concern, followed by the risk from nation-state cyberattacks (43.1%). Most interestingly, the elevation of non-intentional threat vectors made for a combined 34.5% of the total choices for top three threat vectors.