OPSWAT-Sponsored SANS 2023 ICS/OT Cybersecurity Report Reveals Vital Priorities to Mitigate Ongoing Threats

September 21, 2023


Tampa, FL – September 21, 2023 — OPSWAT, a leader in critical infrastructure protection (CIP) cybersecurity solutions, sponsored the SANS 2023 ICS/OT Cybersecurity Survey, which unveils a distinct reality: despite notable improvements in defense strategies, including increased ICS cybersecurity awareness and enhanced incident response plans, survey respondents collectively consider current cybersecurity threats to ICS as severe/critical (25%) and high (44%). As a result, the top three items of utmost importance for ICS security programs in 2023 have been identified as network visibility, risk assessments, and transient device threat detection.

ICS/OT environments are becoming increasingly interconnected and complex, offering efficiency and innovation. However, this also exposes organizations to heightened vulnerabilities from relentless cyber threats. Dean Parsons, a SANS Certified Instructor, practitioner, and ICS/OT cybersecurity assessment expert, emphasizes, "This year's survey reveals several notable changes compared to previous years. We see significant efforts in crucial areas and, regrettably, a lack of commitment in some equally important, evolving domains. However, there is a silver lining in the form of increased investments in asset inventorying, network-specific ICS/OT visibility and detection systems, and the development, training, and retention of staff with the required specific ICS security skillsets."

Compromised IT Leads to Compromised OT

Respondents are predominantly concerned with and have experienced ICS incidents involving malware threats or attackers breaching the IT business network. These breaches often enable access and pivoting into the ICS/OT environment. Compromises in IT systems leading to threats entering OT/ICS networks ranked highest, followed by compromises of engineering workstations and external remote services.

To address these threats effectively, it is essential to understand the specific vectors within the top threat vector. This raises questions about why IT compromises lead to ICS breaches, what enables such breach points, which methods are used to compromise engineering stations, and who owns these critical processes. Luckily, penetration testing is occurring at multiple levels, with a focus on Level 3, the DMZ, and Level 2, indicating proactive measures to assess and enhance ICS security.

IT and OT Collaboration and Training

The report highlights a significant trend towards IT/OT staff convergence, with 38% of all respondents now responsible for both ICS and IT security, indicating increased responsibilities in 2023 compared to the 20% reported in 2022.

Incident Response 

Cybersecurity solution providers are frequently consulted (43%) when signs of infection or infiltration emerge, emphasizing the need for specialized expertise in incident response. Additionally, a quarter of respondents were uncertain about having an exercised and documented plan for operating ICS engineering systems in reduced capacity, and only 56% currently possess a dedicated ICS/OT Incident Response Plan.

"Building resilient critical infrastructure requires a proactive approach to cybersecurity as noted with the SANS’ report findings," said Yiyi Miao, OPSWAT's Chief Product Officer. "At OPSWAT, we're committed to empowering organizations to safeguard their vital systems through effective industry-leading solutions."

Download the SANS ICS/OT Cybersecurity Survey: 2023’s Challenges and Tomorrow’s Defenses. 

About SANS 

The SANS Institute was established in 1989 as a cooperative research and education organization. Today, SANS is the most trusted and, by far, the largest provider of cybersecurity training and certification to professionals in government and commercial institutions worldwide. Renowned SANS instructors teach more than 60 courses at in-person and virtual cybersecurity events and on demand. GIAC, an affiliate of the SANS Institute, validates practitioner skills through more than 35 hands-on technical certifications in cybersecurity. The SANS Technology Institute, a regionally accredited independent subsidiary, offers master's and bachelor's degrees, graduate certificates, and an undergraduate certificate in cybersecurity. SANS Security Awareness, a division of SANS, provides organizations with a complete and comprehensive security awareness solution, enabling them to manage their "human" cybersecurity risk easily and effectively. SANS also delivers a wide variety of free resources to the InfoSec community, including consensus projects, research reports, webcasts, podcasts, and newsletters; it also operates the Internet's early warning system — the Internet Storm Center. At the heart of SANS are the many security practitioners representing varied global organizations, from corporations to universities, working together to support and educate the global information security community. SANS.org 


For the last 20 years OPSWAT, a global leader in IT, OT, and ICS critical infrastructure cybersecurity, has continuously evolved an end-to-end solutions platform that gives public and private sector organizations and enterprises the critical advantage needed to protect their complex networks and ensure compliance. Empowered by a "Trust no file. Trust no device.™" philosophy, OPSWAT solves customers' challenges around the world with zero-trust solutions and patented technologies across every level of their infrastructure, securing their networks, data, and devices, and preventing known and unknown threats, zero-day attacks, and malware. Discover how OPSWAT protects the world’s critical infrastructure and helps secure our way of life; visit www.opswat.com
