Академический Документы
Профессиональный Документы
Культура Документы
Tripwire State
of Industrial
Cybersecurity Report
October 2019
FOUNDATIONAL CONTROLS FOR
SECURITY, COMPLIANCE & IT OPERATIONS
As news of cyberthreats targeting industrial environments like energy
utilities and manufacturing plants continues to surface, Tripwire surveyed
security professionals who work in these industries to understand how
industrial organizations are protecting themselves.
2
Participants
A total of 263 qualified individuals completed the survey. All participants had
direct responsibility for the security of ICS systems at an energy, manufacturing,
chemical, dam, nuclear, water, food, automotive or transportation company with
more than 100 employees.
2%
13% 19% 4%
26% 16%
32%
LATAM
Manufacturing 47%
Energy, oil and gas 22%
30% Automotive and transportation 18%
35%
Food and agriculture 6%
Water and wastewater 3%
Chemical 2%
35% Nuclear 1%
Dams .38%
0 10 20 30 40 50
100–1,000 employees
1,000–5,000 employees
3
Cyberattacks: A Real Concern for Industrial Organizations
Eighty-eight percent are worried about the threat of ICS cybersecurity attacks,
with the highest rate of concern in the energy and oil & gas industry.
88%
Energy, oil and gas 97% 3%
0 20 40 60 80 100
4
Given your knowledge of your ICS
systems, are you concerned an ICS
cybersecurity attack could result in
a catastrophic event (i.e. explosion)?
34%
Yes
66%
No
5
Investing in Cybersecurity
Over the past two years, 77 percent What types of investments have you made in your
said they have made cybersecurity industrial environment in the past two years?
investments in their industrial
environment. Education or training 82%
Of those, the top investments were in
education, security assessments and
technology for gaining asset visibility. Assessment 70%
Other 2%
0 20 40 60 80 100
Of those who have NOT invested in Why haven’t you made investments in your industrial
cybersecurity over the past couple environment in the past two years?
years, lack of budget was the top
reason. Could not secure budget 39%
We are in process with an investment
but it is taking a long time
30%
Available technology was not a
fit for OT security needs
22%
Other 4%
0 5 10 15 20 25 30 35 40
6
Fifty percent do not believe their What do you think will be necessary for your company to
company is investing sufficiently in invest sufficiently in ICS cybersecurity?
ICS cybersecurity.
Of those, 68 percent think they’d need to Once there is a significant attack
experience a significant attack in order to against us, they’ll invest more
68%
invest more.
We need time to go through the
decision-making process 58%
They just need more
information on the threat 43%
Other 1%
Nothing will make our company
invest at the right level
3%
0 10 20 30 40 50 60 70 80
7
Strategies for Stronger Security
Only half (52 percent) have more All of them 6%
than 70 percent of their assets
tracked in an asset inventory. More than 90% 26%
To the best of your knowledge, approxi-
mately how many of your company’s OT
70–90% 20%
assets does your company have tracked 50–70% 25%
in an asset inventory?
Less than 50% 18%
None of them 2%
We don’t have an asset inventory 2%
0 5 10 15 20 25 30
8
About a third of organizations Yes
don’t have a baseline of normal
behavior for their OT devices, nor
a centralized log management No
31%
solution.
Does your company have a baseline
of normal communications behavior
of your OT devices and OT network? 69%
61%
9
Only a third (34 percent) have Yes, we have
had an industrial security 11%
assessment, but more than half No, but we are considering it
(55 percent) are thinking about
having one. 34%
No, and we are not considering it
Has your organization ever had an
industrial cybersecurity assessment
performed?
55%
10
Building Industrial Cybersecurity Teams
With cybersecurity a relatively new issue for industrial environments, organi-
zations are still driving to bridge the IT and OT gap and build up their industrial
cybersecurity teams.
Nearly half (49 percent) report that They have stronger collaboration
3% and work together more effectively
collaboration between IT and OT is
improving. Collaboration is weaker now
How are your IT and OT teams or than it was in the past
22%
functions working together now
compared to two years ago? There has been no change
49%
We don’t have separate
IT and OT functions
25%
11
Most (79 percent) reported the Yes
need to better train their teams
on OT security.
Does your company feel you have a 21% No
gap in terms of training OT and IT
staff around the unique needs and
requirements for securing your OT
environment?
79%
0 20 40 60 80 100
12
Tripwire is the trusted leader for establishing a strong cybersecurity foundation. Partnering with
Fortune 500 enterprises, industrial organizations and government agencies, Tripwire protects the inte
grity of mission-critical systems spanning physical, virtual, cloud and DevOps environments. Tripwire’s
award-winning portfolio delivers top critical security controls, including asset discovery, secure config-
uration management, vulnerability management and log management. As the pioneers of file integrity
monitoring (FIM), Tripwire’s expertise is built on a 20+ year history of innovation helping organizations
discover, minimize and monitor their attack surfaces. Learn more at tripwire.com
©2019 Tripwire, Inc. Tripwire, Log Center/LogCenter, IP360 and Tripwire Axon are trademarks or registered trademarks of Tripwire, Inc. All other product and company names are
property of their respective owners. All rights reserved. BRDRICS1a 1910