Safeguarding ANZ's Industrial Systems from Cyber Threats
A recent survey conducted by Rockwell Automation and Claroty has unveiled alarming statistics about the state of operational technology (OT) cybersecurity in Australia and New Zealand (ANZ). The whitepaper, titled "Safeguarding Australia and New Zealand’s Industrial Systems: The Importance of Operational Technology Cybersecurity," highlights the urgent need for robust security measures in the face of increasing cyber threats.
A Growing Threat Landscape
The survey reveals that 65% of respondents detected at least one OT-related cybersecurity incident in the past year, with 20% reporting over 10 attacks. Two companies even experienced more than 100 attacks, averaging two new attacks per week. These numbers are a stark reminder of the growing threats targeting critical infrastructure, including energy, healthcare, telecommunications, mining, and food and beverage sectors.
The Disconnect Between IT and OT
One of the major challenges identified in the survey is the disconnect between IT and OT teams. A quarter of respondents admitted that their IT and OT business units are not collaborating effectively. This lingering problem stems from inadequate buy-in from executives and misalignment between the priorities of IT and OT teams.
Concerns About Safety and Continuity
The survey also highlights concerns about the potential impact of OT security incidents. 28.6% of respondents were worried about disruptions to production, while 26.2% feared that attacks could compromise employee safety, particularly in environments like power plants or chemical factories.
Legislation and Compliance
The Security of Critical Infrastructure (SOCI) Act 2018 has outlined expectations for critical infrastructure risk management. However, the survey indicates that many of ANZ's most critical infrastructure operators are still behind the benchmark set by the SOCI Act. 60% of respondents believe their OT cybersecurity budget is inadequate for sufficiently protecting their operations.
Recommendations for Improvement
The whitepaper concludes with key recommendations for improving OT security. These include building a positive working relationship between IT and OT organizations, undertaking asset discovery and visibility exercises, conducting targeted risk remediation programs, managing the OT environment to best-practice standards, and being aware of changing regulatory and governance requirements.
A Case for Urgent Action
The findings of the Rockwell Automation-Claroty survey are a sobering reminder of the vulnerabilities in the OT infrastructure of many critical Australian operators. The lack of collaboration between IT and OT teams, inadequate budgeting, and the absence of regular testing are crippling efforts to improve security.
The whitepaper serves as a wake-up call for organizations to urgently review their infrastructure, security capabilities, incident response plans, and collaboration between OT and IT managers. The integrity of Australia's critical infrastructure is on the line, and every organization risks major disruption if they fail to prioritize and invest in security.
About Rockwell Automation and Claroty
Rockwell Automation, a global leader in industrial automation and digital transformation, partnered with Claroty, a company specializing in securing cyber-physical systems, to create this whitepaper. Their combined expertise aims to equip businesses with valuable insights and strategies for secure operations in an increasingly connected world.
The whitepaper "Safeguarding Australia and New Zealand’s Industrial Systems" is a critical examination of the current state of OT cybersecurity in ANZ. It highlights the urgent need for collaboration, investment, and strategic planning to protect critical infrastructure from growing cyber threats.
With the increasing integration of IT and OT systems and the rising sophistication of cyberattacks, the risk to critical infrastructure, sensitive data, and industrial control systems escalates. The findings of this survey underscore the importance of developing and implementing effective incident response protocols to minimize the impact of potential cyber incidents.
The time for complacency is over. The call to action is clear: prioritize, invest, and fortify systems against exploitation. The unexpected is always around the corner, and every operator must be continually prepared and ready to respond to maintain the continuity of their essential business.