TXOne Networks reports challenges in OT/ICS cybersecurity across industries due to RaaS, supply chain attacks, geopolitics

Cyber-physical systems (CPS) security firm TXOne Networks published this week its 2023 annual report detailing a growing range of cybersecurity issues facing global industries. The report details that in 2023, many forces came into play that led to unprecedented cybersecurity challenges in the OT/ICS (operational technology/industrial control systems) domain. Not only did the issues of IT-OT convergence and Ransomware-as-a-Service (RaaS) persist, but geopolitical tensions precipitated increased state-sponsored and civilian hacker activities as well.  

Titled ‘The Crisis of Convergence: OT/ICS Cybersecurity 2023,’ the TXOne report details a range of intensifying challenges, including growth in attacks via RaaS models, exploitation of supply-chain vulnerabilities, and the prevalence of state-sponsored hackers and other politically motivated actors in the wake of geopolitical issues.

TXOne Networks worked with Frost & Sullivan to survey 405 key IT and OT security decision-makers. They conducted an OT/ICS Cybersecurity Maturity Survey to assess organizations’ OT cybersecurity, creating an actionable path forward for organizations to reach optimized maturity by illuminating how far they still have to go. 

The report disclosed that the recent accessibility of OT testbeds and protocols has aided malicious actors in developing ready-made malware, opening the floodgates for cyber criminals who no longer need specialized training to conduct deadly attacks. Now, ransomware is the most common threat in OT/ICS environments. In 2023, 47 percent of organizations reported incidents of ransomware cyberattacks. Challenges also arise from unpatched systems, a concern for 38 percent of organizations, while 76 percent fear nation-state attacks.

“The Crisis of Convergence: OT/ICS Cybersecurity 2023 is the result of a thorough research and technical analysis that is aimed at delivering up-to-date insights into the global threat landscape and the tactics that malicious actors employ to launch attacks,” Terence Liu, chief executive officer (CEO) of TXOne Networks, said in a media statement. “The findings are clear. Organizations must move well beyond regulatory compliance in their OT/ICS cybersecurity strategies if they are to successfully adapt for the constantly evolving threat.” 

Liu pointed out that safeguarding the availability, reliability, and security of revenue-generating operations will depend on new governance structures, enhanced team and technical capabilities, integration of advanced threat detection and response into cybersecurity frameworks, and risk management across the supply chain.

TXOne identified that the IT/OT convergence changes the terrain of the organization’s entire ecosystem, necessitating a holistic defense system that can fortify this expanded attack surface. The increased interplay between Internet of Things (IoT)/OT networks and critical infrastructure, combined with inadequate safety measures in OT networks and device security, also amplifies risks. 

Legacy systems within OT networks add burdensome complexity to cybersecurity efforts. Globally, 97 percent of organizations have reported IT incidents that impact OT; 59 percent of organizations are at risk of OT cyber threats, with 46 percent having already suffered OT security incidents. Additionally, 59 percent of organizations continue to grapple with cybersecurity complexity.

The report also identified that a robust cybersecurity approach involves governance, identification, protection, detection, response, and recovery strategies. Although 77 percent of global organizations are at maturity level 3 in OT/ICS cybersecurity, there is a need for further enhancement beyond mere compliance. 68 percent of organizations are continually increasing their OT/ICS budgets, indicating an urgent need to elevate their OT security posture. This is crucial for countering the evolving tactics of cybercriminals.

Legislative changes in 2023 signal a watershed moment in OT/ICS cybersecurity, with governments updating frameworks and introducing standards to fortify critical infrastructure sectors. Organizations are improving in terms of governance, teams, and technology, with CEOs increasingly involved in cybersecurity decisions. Teams dedicated specifically to OT are present in 38 percent of organizations, while 23 percent share IT-OT teams. Balancing security with operational efficiency remains a challenge.

In 2023, the OT sector was increasingly besieged by sophisticated ransomware attacks, primarily driven by RaaS groups like LockBit, CL0P, BlackCat, and Medusa. These groups have honed their strategies, moving from double to triple extortion tactics, leading to widespread data breaches across various industries. CL0P, in particular, is known for exploiting vulnerabilities in the MOVEit file transfer software, affecting hundreds of manufacturers and government entities.

The TXOne report said that having recognized the vital role of data, particularly machine logs integral to manufacturing processes, organizations are now looking to invest in the resilience of their technology infrastructure, primarily the security of critical assets and their data. “Organizations are turning to innovative approaches such as Cyber-Physical Systems Detection and Response (CPSDR), which enhances OT cybersecurity postures by integrating OT expertise across various domains,” it added.

The report concludes that in the face of constantly evolving cyber threats, global organizations must enhance their OT/ICS cybersecurity strategies, going beyond mere regulatory compliance to reach optimized cybersecurity maturity. “This includes improving governance structures, team and technical capabilities, integrating advanced threat detection and response systems into cybersecurity frameworks, and focusing on supply chain risk management. As digital transformation accelerates, businesses and governments must collaborate to address these shifting challenges to protect the availability, reliability, and security of their operations.”
