Endpoints a Top Security Concern for Industrial Organizations: IIoT Survey

Actively Checking Device Integrity Can Detect Changes that Evade IP-based Monitoring

The SANS Institute recently published a research study of Industrial IoT (IIoT) security. The survey polled more than 200 security professionals from energy, utility, oil and gas, and manufacturing organizations. Among the key findings, the majority of respondents reported they are more concerned about endpoint device security than network security. Another interesting takeaway: less than 5% of those in operational technology (OT) roles said they were confident in their company’s ability to secure these new infrastructures. Both OT and IT respondents said they lack appropriate IIoT monitoring capabilities.

According to the report’s authors: “The closer someone is to the IIoT systems, the greater the recognition of a challenging reality. The individuals probably the most knowledgeable about IIoT implementation, the OT team, appear the least confident in their organization’s ability to secure these devices, while company leadership and management, including department managers, appear the most assured.”

Let’s unpack these findings.

Concerns about endpoint security in industrial environments, especially among OT personnel, are being driven by the demise of the traditional air gapping of OT infrastructures. A full 32% of organizations surveyed said they have IIoT devices connected directly to the Internet, bypassing traditional ICS security layers. The threat of external attacks reaching OT networks is no longer science fiction; it is happening now.

Case in point, the Department of Homeland Security recently revealed that hackers working for Russia have breached the control rooms of U.S. electric utilities where they could have caused blackouts.

With industrial threats now a reality, OT personnel are becoming keenly aware of the shortcomings they face in securing ICS devices. Among those surveyed, less than 30% have OT-specific monitoring capabilities, while 72% rely on IP suites to control, configure and collect device data. Without visibility into changes made to device configurations, software and patch levels, it’s virtually impossible to detect an attack until it’s too late. IP suites can monitor network traffic, but not the integrity of controllers.

To complicate matters, many industrial organizations are not proactively addressing known vulnerabilities in IIoT devices. Only 40% of respondents, or two out of five, indicated they apply and maintain current patches and updates on devices, while 60%, or three out of five, are not using device-level patching to protect IIoT devices and systems.

These results are concerning, but they are consistent with what we are seeing in customer engagements: namely, that it is extremely difficult to monitor and secure OT environments without domain-specific tools. The fact that OT personnel are more concerned about IIoT security than their IT counterparts is telling. They understand the risks, and consequences, of industrial security incidents and the urgency to address vulnerabilities in their systems.

The reality is that the specialized monitoring and control technologies needed to prevent unauthorized process changes and protect ICS networks from external attacks are generally not provided by device manufacturers, and when they are, they are vendor- and sometimes even model-specific. And, as mentioned earlier, IP-based tools lack the level of visibility required to detect device-level threats.

Fortunately, a new category of products can provide deep real-time visibility, security and control into the control-plane activities of industrial networks, using an active approach for monitoring the integrity of a device’s state as well as network anomalies. By monitoring engineering changes made to industrial controllers either over the network or directly on the devices, these technologies provide a 360-degree view to detect unauthorized activities and threats early in the kill chain, before damage occurs.
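To make the distinction concrete, here is an added sketch (not from the SANS report or any product) of an active integrity check: it compares a controller snapshot against a stored baseline and separates changes that match an observed network engineering session from changes that left no network trace. The device name `plc-07`, the snapshot fields and the event format are constructed assumptions.

```python
import hashlib
import json

def fingerprint(snapshot):
    """Digest each monitored attribute so a baseline can be stored compactly."""
    return {
        name: hashlib.sha256(json.dumps(value, sort_keys=True).encode()).hexdigest()
        for name, value in snapshot.items()
    }

def integrity_drift(baseline_fp, snapshot):
    """Return the attributes whose current digest differs from the baseline."""
    current_fp = fingerprint(snapshot)
    names = baseline_fp.keys() | current_fp.keys()
    return sorted(n for n in names if baseline_fp.get(n) != current_fp.get(n))

def classify(device, drift, network_events):
    """Separate drift that matches an observed network session from drift that does not."""
    seen = {e["attribute"] for e in network_events if e["device"] == device}
    return {
        "seen_on_network": [a for a in drift if a in seen],
        "no_network_trace": [a for a in drift if a not in seen],
    }

# Constructed sample data (assumed snapshot layout, not a real vendor format).
BASELINE = {
    "firmware": "2.8.1",
    "config": {"ip": "10.20.0.17", "high_temp_setpoint": 85},
    "logic": {"OB1": "LD I0.0; OUT Q0.0", "FB12": "MOV 85, DB1.W0"},
}
CURRENT = {
    "firmware": "2.8.1",
    "config": {"ip": "10.20.0.17", "high_temp_setpoint": 95},  # changed over the network
    "logic": {"OB1": "LD I0.0; OUT Q0.0", "FB12": "MOV 120, DB1.W0"},  # changed at the device
}
# Constructed engineering-session records as a network monitor might report them.
NETWORK_EVENTS = [{"device": "plc-07", "attribute": "config", "action": "write"}]

def run_check():
    drift = integrity_drift(fingerprint(BASELINE), CURRENT)
    return classify("plc-07", drift, NETWORK_EVENTS)

if __name__ == "__main__":
    print(run_check())
```

The logic change appears only under `no_network_trace`: a monitor that watches IP traffic alone would never have reported it.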

The complete 2018 SANS Industrial IIoT Security Survey is available here (PDF)
