Contact Us

ICS/OT Cybersecurity: 2023’s Challenges and Tomorrow’s Defenses

As the threats to industrial control systems evolve, our strategies and tactics as network defenders must keep apace. To aid in this effort, SANS has recently released the results of an ICS/OT cybersecurity survey, which polls security practitioners and decision makers from a wide range of industrial verticals, including energy, chemical, critical manufacturing, nuclear, water management and others. This survey provides us with valuable insights into the nature of the real-world threats that control systems operators face every day. It also yields a wealth of information about industry trends and ICS/OT security priorities, from the field. Read RMC’s main takeaways below. 

Download your copy today 

Most organizations still have immature ICS/OT security programs

When asked about planned future initiatives to improve ICS security, survey participants’ top responses indicated a focus on foundational components of any OT security program, such as increased asset visibility, intrusion detection systems, better physical security, and cybersecurity education and training.

There is increased interest in conducting risk assessments and penetration tests in ICS/OT environments

Survey participants are more commonly performing risk-based assessments, including penetration tests, to identify gaps in security controls within their ICS/OT environments.

The penetration tests tend to be conducted at the higher levels of the Purdue Model (3-5). The objective is to identify attack paths from the enterprise network to the ICS network, or vice versa. Penetration tests can provide important insights, but are most effective for more mature OT environments where previously identified vulnerabilities have already been addressed.

RMC is here to help

Although foundational investments are a necessary component of any ICS/OT security program, program design, sequencing, prioritization of investments, and proper coordination must be considered from the start to maximize risk reduction. We support you to:

  • Help you understand your program’s maturity and adherence to OT security best practices
  • Help you set realistic goals for your ICS/OT environments, and help you achieve them
  • Suggest and implement security solutions tailored to your business goals and regulatory requirements
  • Implement safe, complete, and effective security controls
  • Identify vulnerabilities actively placing your operations and infrastructure at risk

For large organizations, building a strong relationship between security leadership and sites is key to efficient project execution. Improving cybersecurity in ICS/OT environments requires a coordinated effort between enterprise IT (security) teams, site leadership, plant engineers, vendors, integrators, and more. RMC can help foster these relationships, aligning your program’s cybersecurity goals with your sites, achieving buy-in, and building a positive and proactive security culture. During our engagements, we follow these guiding principles:

  • Speak the sites’ language and build trust between the program and the sites 
  • Foster increased cybersecurity awareness with site personnel and leadership
  • Communicate the goals of our proven assessment methodology – we are there to help, not audit
  • Share insights to inform funding decisions for system upgrades and process redesigns

How can RMC help your organization? 

Contact us today:

Be sure to follow RMC Global on LinkedIn, and bookmark our News & Perspectives website to stay apprised of industry insights and topical advice on establishing cyber resiliency in OT environments. 

RMC Announces Sponsorship of the SANS Institute’s 2023 ICS/OT Cybersecurity Survey

ARLINGTON, Va., April 24, 2023 – RMC, the leader in Risk Management, Industrial Cybersecurity, and Mission Assurance services is a proud sponsor of the SANS Institute’s 2023 ICS/OT Cybersecurity Survey. As a leading provider of ICS/OT cybersecurity services, we recognize the importance of understanding the evolving threat landscape to provide the best possible services to our commercial and federal clients.

The survey is now open for responses and we encourage all ICS/OT security practitioners to provide your valuable input. Your participation is critical to help the community better understand the ever-changing ICS threat landscape and explore how critical infrastructure defenders across all sectors are constantly adapting to address new challenges and threats.

The SANS Institute has a long-standing reputation for excellence in cybersecurity research and education, and their annual survey provides valuable insights into the state of ICS/OT cybersecurity. The results of the survey will help organizations, governments, and security providers understand the current risks facing critical infrastructure and make informed decisions about how to mitigate them.

As a sponsor of this important initiative, RMC is committed to promoting awareness of the survey and encouraging participation from all corners of the industry. By working together, we can help to Assure Tomorrow for critical infrastructure and the communities it serves.

Best regards,

Vince Kuchar

CEO, RMC Global