As 2019 comes to a close, we take a deep breath, and welcome another year filled with challenges, triumphs and unknown discoveries within the Operational Technology (OT) cyber security domain. Even with our extensive industry experience, it’s impossible to forecast what we will be reading in the headlines. On the other hand, here are five trends we expect to see popping up on our radar for the next twelve months.
1. Tightened regulatory compliance for CI
We have already seen tightened regulation for Critical Infrastructure (CI) cyber security across areas like Europe, APAC, Middle East and the Americas, and we do not expect this upward trend to cease developing. As more and more regions formally recognise the threats posed to their critical systems, we are likely to see cyber security requirements for CI solidify around the globe – and tighten in existing areas.
2. Increased detection of OT-related security incidents
Whilst the likelihood of OT related security incidents occurring may also be on the rise due to industrial facilities being seen as more valuable targets – the maturity of detection capabilities within the OT space will see to it that more and more malicious activities will get caught in the filters being put in place.
3. Attacks circumventing OT specific security controls
We’ve had just but a taste of this when we reflect on attacks like TRITON and Safety Instrumented Systems (S.I.S). Attacks and malware that circumvent OT specific security controls will be on the rise as malicious parties seek to evolve their methodologies and keep up with improving defensive capabilities. This is not just limited to direct attacks, and could even just be the validation of attack tools which are caught in the process, rather than intentionally aimed to cause real world damage.
4. Building automation security will be put under the spotlight
With a larger than ever emphasis being put on the security of critical OT systems, organisations will begin to realise that the automated building capabilities of their corporate and production facilities harness technologies which will also put them in the same category. Earlier this year we have published extensive research into a large range of Building Management System (BMS) security vulnerabilities, and our expectation is that investigations and discoveries will continue to grow in this field.
5. Demand for skilled OT security personnel will only grow
As the industry has begun to recognise the dire need to produce more skilled professionals for this field, the rate at which these professionals are required is also growing quickly. Talent is becoming difficult to acquire, and organisations will need to invest the time and money into programs which support the expansion of learning programs for potential newcomers in the field.