A new survey by TPR report published today in Industrial Cyber Magazine released details findings of an overwhelming 90% of respondents disclosing that the OT (operational technology) recovery process should be owned by OT professionals and not by IT, due to the considerable differences between OT and IT environments in the OT/ICS recovery process.
Additionally, the Survey Report disclosed that 40 percent of respondents revealed that the recovery process in their organization is owned by IT teams. This dissonance may be putting OT systems at risk for costly downtime following an attack.
“While current IT and cloud-based solutions can restore/recover – they cannot do it quickly or without the intervention of expert personnel. This creates serious bottlenecks and often results in hidden costs, delays, and risks,” claims Alex Yevtushenko, CEO at Salvador Technologies. “The need of a recovery solution that is both OT-centric and can provide operational continuity should be a top priority for every OT/ICS cybersecurity professional.”
While progress has been made in this regard, the report went on to assess that there still is a considerable shift that needs to occur in order to put OT/ICS recovery in the hands of the OT sector.
Sponsored by Salvador Technologies, a provider of technological solutions for operational continuity and cyber-attack recovery for ICS and OT environments, the survey collated data from over 100 industrial managers, experts, and leaders across companies to disclose what they are doing in terms of recovery from a cyber incident. It gives an inside scoop on what OT/ICS cybersecurity professionals think about cyber-attack recovery in general, and in terms of their own industrial enterprise.
Highlights of Findings:
- More than 60% respondents say their current Cyber Attack Recovery plan does not adequately support OT/ICS
- 63% respondents are not confident in their Cyber Attack Recovery plan (i.e., business continuity) for critical OT workstations and machines
- 90% of respondents say OT/ICS environments differ dramatically from IT and require an OT-specific approach to cyber security machines.
- Only 10% of respondents perform continuous or weekly validation of OT
workstation/system backups and restoration. Most verify their OT backups once a year or once a quarter because the process is so invasive and time-consuming
Hands-on Effect of Ransomware in OT/ICS environments
Ransomware is on the rise in OT environments and becoming ever more disruptive, leading to more damage and downtime, apart from larger ransom that adversaries can demand from their victims. A key highlight of these ransomware hackers is that they are always upping their game and improving their methods. In recent years, they have demonstrated their growing ability to get nearer to OT/ICS technologies, as showcased in the Colonial Pipeline breach, causing energy outages along the East Coast of the United States last May. Additionally, ransomware attackers nearly shut down the power grid of Queensland’s CS Energy in Australia last November.
The TPR Survey Report also noted that despite paying the ransom amount, there is no guarantee that the cybercriminals will honor their end of the bargain. While some may argue that every ransom payment becomes an incentive for criminals to attack, again and again, it is clear that industrial enterprises need a better way out of the ransomware trap and the specter of OT downtime.
Cyber-attack recovery in OT/ICS environments
The TPR Survey Report calls attention to the fact that in industrial environments, OT/ICS teams must play a role in cyber-attack recovery, as the IT and cloud experts are not very mindful of the continuity of critical industrial processes, within the shortest possible time. While cloud backup and recovery solutions have made great strides in efficiency, the cloud can become a bottleneck when an entire plant or OT production line needs to be restored.
To a vast extent, a harmonious approach is the best way to align the cyber-attack recovery expectations of management with the reality of the OT production environment. OT and IT teams must work together and share the responsibility for Attack Recovery because a one-sided approach will only achieve a false sense of security.
Adopting available resources for recovery
Given the Survey Report, solutions for cyber-attack recovery are gaining importance and recognition for the critical role they play in avoiding downtime after an attack and getting industrial operations fully back on track. While recovery is included in the NIST (National Institute of Standards and Technology) Cybersecurity Framework (CSF), the ‘recovery’ function has been woefully under-invested in favor of preventative measures.
As industrial organizations cannot afford any downtime, they must be better prepared for when things go wrong. When OT systems are breached, those who are not prepared risk harmful impacts on their business including immediate costs and projected losses from the disruption to OT/ICS operations, production lines, etc., direct costs of attack remediation and downtime recovery, the straight charge of ransomware payments, or rise in premiums if insurance has to pay. Furthermore, industrial enterprises must also bear indirect expenses resulting from litigation and or regulatory fines, apart from facing breach and potential disclosure of sensitive company data, and brand and reputation damage.
About Salvador Technologies
Salvador Technologies provides breakthrough technology solutions for operational continuity and cyberattack recovery for ICS & OT, ensuring an easy validation of the backup integrity with an instant restoration test. Our patented air-gap technology enables a full 30-second recovery from any scenario.
The company’s expertise is based on more than ten years of experience in the National Cyber Unit and elite intelligence corps of the Israel Defense Forces (IDF) and on our passion for contributing to global cyber security.
For more info please contact info@salvador-tech.