"Attacks on control systems are on the rise," says Matt Luallen, SANS Analyst and author of this survey. "Budgets for cybersecurity in SCADA ICS environments remain very slim, and organizations continue to be dependent on limited resources and staffing to detect breaches and attacks."
In the year since SANS' last survey on this topic, the number of entities with identified or suspected security breaches has increased from 28% to nearly 40%. Only 9% can say with surety that they haven't been breached.
Organizations want to be able to protect their systems and assets, which include computer systems, networks, embedded controllers, control system communication protocols and various physical assets. Respondents also noted they strive to protect public safety; increase leadership risk awareness; and expand controls pertaining to asset identification, communication channels and centralized monitoring.
Still, many organizations do not or cannot collect data from some of the most critical SCADA and ICS assets, and many depend on trained staff, not tools, to detect issues. Alarmingly, according to the survey, 16% have no process in place to detect vulnerabilities.
Interestingly, the survey noted a merging of ICS security and IT security. "Respondents indicated that ICS security is being performed by specialists reporting to both engineering and IT," says Derek Harp, business operations lead for ICS programs at SANS. "This places a real priority on cross-departmental coordination, effectively bridging competencies and building (as well as assessing) skill in an organized manner."