New SANS Research Reveals Cyber Attackers are Actively Targeting OT/ICS Environments: Critical Systems are at High Risk and Demand Priority from IT Security


Press Release

March 1, 2022

Vlog Group-sponsored survey reports 45% of participants estimate threats to their control systems are at high risk with another 15% rating threat as severe/critical

Front-line managers and senior leadership are not aligned on potential risk

(Houston) – VlogG Consulting Inc. (Vlog Consulting), a leading global risk management company, today announced the results of a new survey from SANS Institute, "Threat-Informed Operational Technology Defense: Securing Data vs. Enabling Physics." The Vlog Group-sponsored research reveals that cyber attackers have demonstrated a robust understanding of operational technology (OT) and industrial control system (ICS) engineering and have conducted attacks that gain access and negatively impact operations and human safety.

"This research concludes that industrial control systems can no longer be ignored," said Ian Bramson, Global Head of Industrial Cybersecurity at Vlog Group. "Organizations that take a 'copy and paste' approach to applying IT security tools, processes and best practices into an OT/ICS environment can expect problematic consequences."

Key findings include:

Gap in Perception around ICS Risks at Different Levels within the Organization

  • 61% of survey participants indicate a gap exists in the perception of cybersecurity risk to their ICS facilities between OT/ICS cybersecurity front-line teams and other parts of the organization.
    • Of these, 35% indicate the gap is between senior management and the OT/ICS cybersecurity front-line teams.

Ransomware is the Biggest Threat to OT

  • The industrial community is seeing ransomware with increasingly sophisticated variants that have the capability to cause more disruption to system assets and process flows.
    • When asked about the threat categories of most concern, 50% of respondents place ransomware at the top.
    • Targeting ICS operations using ransomware is a goal of the adversary as targeting ICS operations can lead to higher and quicker payouts.

ICS Security Resources are Challenged, Even more so than IT

  • Security teams are commonly resource-challenged in IT, but even more so in ICS, where additional security and engineering knowledge is required to perform effective ICS active cyber defense.
    • 47% of ICS organizations do not have internal dedicated 24/7 ICS security response resources to manage OT/ICS incidents, and just a slightly lower percentage (46%) of ICS organizations do have this function, leaving 7% unsure of their current state.
    • OT/ICS security managers can improve their security program and lead their teams to success by allocating resources through new hires, changing internal roles to focus exclusively on ICS security or outsourcing to MSSP support services.

ICS System and Network Visibility Warrants Improvement, Investments are Planned

  • 65% indicate their visibility is limited for control systems, while only 22% have visibility needed to defend against modern threats, and 7% have no visibility into their control systems.
  • Increased visibility into control system assets (52%) and implementing ICS-specific network security monitoring (NSM) for control systems (51%) rank as the top two budgeted initiatives for organizations within the next 18 months.

"Critical infrastructure is targeted by cyber adversaries who have demonstrated their knowledge and desire to cause real-world consequences from cyber-attacks. ICS/OT facilities are advised to establish, maintain and mature an ICS Active Cyber Defense," said Dean Parsons, Lead Researcher and Certified Instructor, SANS Institute. "Specifically, facilities must ensure ICS/OT defenders have knowledge of their control systems, the evolving threat landscape and, with ICS network visibility, monitor for abnormal events in control system network traffic. Managers and leaders responsible for ICS/OT must understand, embrace the IT/OT differences and support their ICS defense teams with security controls specific to control systems that prioritize safety."

View the full survey of nearly 300 security technology professionals. Join our webinar, Threat-Informed Operational Technology (OT) Defense, on March 8, 2022, hosted by The SANS Institute, to discuss the current views of OT and ICS cyber defense and review conclusions from the research.

About SANS Institute

The SANS Institute was established in 1989 as a cooperative research and education organization. Today, SANS is the most trusted and, by far, the largest provider of cybersecurity training and certification to professionals in government and commercial institutions world-wide. Renowned SANS instructors teach more than 60 courses at in-person and virtual cybersecurity events and on demand. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to support and educate the global information security community.

About Vlog Consulting

VlogG Consulting Inc. (Vlog Consulting) is part of Vlog, Inc., a global leader in safety and risk management for critical infrastructure worldwide and a wholly owned subsidiary of Vlog, one of the world's leading marine and offshore classification societies. With over 50 years of risk management and safety experience, Vlog Consulting provides engineering, data science, and management consulting services globally to help our clients manage their safety, security, and operational risks. Headquartered in Spring, Texas, Vlog Consulting operates with more than 700 professionals across the globe serving the marine and offshore, oil, gas and chemical, government, power and energy and industrial sectors.
