TUV RHEINLAND: CYBER RISKS FOR INDUSTRIAL PLANTS UNDERESTIMATED
TUV Rheinland and Ponemon Institute publish worldwide study on the Cybersecurity of industrial plants.All information at www.tuv.com
Cyberattacks can threaten the industrial facilities of companies even more than their IT systems. However, a holistic view of the security of industrial plants is often lacking. This is a key finding of a recent study on security in industrial companies by TUV Rheinland and the Ponemon Institute.
Operational Technology in the sights of the hackers
Operational Technology (OT) is the main target for cyberattacks on industrial plants. These are devices and systems that control or monitor industrial processes - such as motors, pumps or valves. "OT systems differ in function and technology from classic corporate IT. At the very same time, successful cyberattacks on OT systems often cause particularly high levels of damage to the companies affected", explains Petr Láhner, Executive Vice President of the Business Stream Industrial Service & Cybersecurity at TUV Rheinland. "We have therefore placed the Cybersecurity of Operational Technology at the center of our study, following on from the findings of the first study on this subject in 2019".
Measures for IT and OT systems not coordinated
For the "2020 Study on the State of Industrial Security", the independent market research company Ponemon Institute surveyed more than 2,200 cybersecurity experts worldwide from the automotive, health and pharmaceutical, logistics and transport, mechanical engineering, oil and gas and utility sectors. The Ponemon Institute, based in Traverse City, Michigan, is dedicated to independent research on information and privacy management in companies.
The following results show how much cyberattacks endanger OT systems:
- More than half of the respondents (57 percent) say that their companies firmly expect attacks on OT systems.
- Almost half (48 percent) are convinced that cyber threats pose a greater risk to OT systems than to the IT environment.
- Almost two thirds (63 percent) of those surveyed stated that security measures for IT and OT systems are not coordinated in their companies.
- For almost half of the respondents (47 percent), cyber threats to OT systems have increased over the past year. These include attacks such as phishing, social engineering and extortion software ("ransomware").
"From our point of view, it is crucial that companies tailor their cybersecurity measures to the specific requirements in Operational Technology. For example, some control systems may have limited cybersecurity controls in place and could subsequently be vulnerable to cyber threats. To do this, companies have to assess their OT cyber risk and invest time and money for best effect. It is alarming that in the view of the experts surveyed, there are too few financial or professional resources available for OT security. In addition, a holistic view of the security of industrial plants is often still lacking. In an increasingly networked world, industrial plants are only really secure if both their IT and OT cybersecurity is addressed", Láhner says.
About TUV Rheinland
TUV Rheinland stands for safety and quality in almost all areas of business and life. Founded almost 150 years ago, the company is one of the world's leading testing service providers with more than 21,400 employees and annual revenues of 2.1 billion euros. TUV Rheinland's highly qualified experts test technical systems and products around the world, support innovations in technology and business, train people in numerous professions and certify management systems according to international standards. In doing so, the independent experts generate trust in products as well as processes across global value-adding chains and the flow of commodities. Since 2006, TUV Rheinland has been a member of the United Nations Global Compact to promote sustainability and combat corruption.