The State of Global Operational Technology 2022 – part 2
SCADAfence, the OT & IoT cybersecurity technology consultancy, conducted a survey on the current state of OT security, the negative consequence of the shortage of qualified workforce in the field, and the general level of risk organisations are currently facing.
In 2022 SCADAfence surveyed over 3500 OT and IT security experts all around the world. Most of them came from North America – 39%, followed by Europe with 26%, South America – with 18%, and 10% from Asia.
The second lot the three questions they asked belonged to the category
Shortage of OT Security Experts
With every retiring industry employee, a valuable piece of knowledge about the intricacies of operational technology disappears. This is especially significant in the case of legacy systems, which still proliferate critical infrastructure. And in cases where this legacy technology operations and maintenance is not documented well enough and handed over to the succeeding generation, this knowledge vacuum poses a serious threat to the secure and undisturbed operations of such systems.
If this is not enough, OT Security Experts are difficult to come by. A quality OT Security Specialist combines in themself the career path of an Automation/Control specialist (or one of the skill sets typical for a career in industrial controls exposure), and IT networking specialist and a Cyber security specialist.
The most advantageous in this situation seems to be here the Automation control specialists with the intricate knowledge of the processes, technology, and the impact of actions in the operational technology space. In their case, moving into the OT security field seems to be a natural extension of their career path through acquiring additional knowledge of advanced networking and cyber security training.
For both the IT network specialist a well as a Cyber security specialist, moving into the field of OT security usually becomes a shifting of gears exercise on high revolutions as introducing any changes of variables in an operating operational technology environment – even for the purpose of benign testing or checking – can result in production downtime and losses of revenue.
It should come as no surprise then, that according to a survey from 2021 conducted by the SANS institute, 52% of organisations believed that their IT staff do not understand OT operation requirements.
Following this trail, SCADAfence researchers posed the following three questions:
Q1 – Do you feel there is a shortage of OT security workers overall?
83% of respondents responded positively to this question with the remaining 17% admitting they felt a slight shortage of staff in this area.
Q2 – Why are organisations not succeeding to bring on more OT security employees?
To provide the reader with an idea of the scope of demand for cyber security roles in general (not OT specific) – in the UK alone, the demand for cyber security specialists has increased by 58% between 2020 and 2021, where most of the employers were struggling to find the right employees due to the lack of appropriately trained staff.
63% answered that it was due to security professionals lacking the right amount of OT skills
25% pointed to the burnout rate as the reason for such a state of affairs.
And 12% said their organisations lacked significant resources
Q3 – Which of these factors do you feel are diminishing the effectiveness of your organisation’s OT security?
69% of security professionals surveyed believed the lack of OT security staff is diminishing the effectiveness of their organisation’s OT security.
This was followed by 18% pointing to the evolving threat landscape and new cyber threats.
8% of the respondents held the industry compliance regulation requirements responsible for this.