A study commissioned by Rockwell Automation, "Anatomy of 100+ Cybersecurity Incidents in Industrial Operations," reveals escalating cybersecurity incidents are often focused on compromising operational technology (OT) systems or industrial control systems (ICS), the systems that support key critical infrastructure sectors such as energy, water, and transportation.

This global comprehensive study conducted by the Cyentia Institute examined 122 publicly known cybersecurity incidents that involved the direct compromise of industrial operations systems. Nearly 100 data points were analyzed for each incident studied. 

The study's findings revealed that nearly 60% of cyberattacks against the industrial sector were orchestrated by state-affiliated actors connected to nation-state governments. These entities operate strategically, often targeting critical infrastructure to achieve geopolitical, economic, or strategic advantages.

At the same time, the report warns against attributing cyberattacks to specific state actors because of the blurred lines between state-sponsored and independent cybercriminal activities. For example, the report found that 19% of threat actors in the studied incidents were from organized crime groups, where ties to specific nation-states and the groups' locations are not necessarily aligned. "Many attacker identities and regional locations are hidden. Threat actors go to great lengths to conceal this information," said the report authors.

The report found that the most targeted vertical was the energy sector, which witnessed three times more cybersecurity incidents among those studied than any other industry. The heightened frequency of cyberattacks on energy providers is attributed to the sector's potential for high impact, including increased opportunities for ransomware payouts that align with adversarial nation-state goals. Adding to its challenges, the energy sector has struggled with aging infrastructure, including power plants and substations that are up to 50 years old, which often lack modern security controls.

Additional industries that were most often involved in ICS cyber incidents included critical manufacturing, information technology, and nuclear power plants. Substantiating the risk to critical infrastructure, the report also cites how the U.S. government recognizes a growing number of incidents targeting critical infrastructure sectors, particularly water and wastewater treatment facilities.  

More than 80% of the OT/ICS incidents analyzed started with an IT system compromise. 

This is attributed to increasing interconnectivity; most OT networks communicate with the outside world via an IT network. Attack methods continue to evolve and increase in complexity, but phishing remains the most straightforward and effective method for initiating cyberattacks that extend across channels such as email, online platforms, SMS, and voice/telephone. 

In terms of attack motivation, many threat actors seek to disrupt industrial operations for monetary gains, such as ransom payments, or for outcomes involving economic or militaristic advantages. 

To counter state-affiliated and independent cyber threats, the report recommends organizations adopt heightened security measures and encourage collaboration between private sector organizations and government agencies to build robust cybersecurity defenses. Additional recommendations include deploying a secure network architecture, continuous threat monitoring, using network segmentation to isolate IT and OT assets, air-gapping via a demilitarized zone (DMZ) for more significant separation between IT and OT infrastructures, and ongoing employee security awareness training to help prevent such attacks.

The rising threat of state-affiliated actors and their interest in targeting the OT/ICS systems used throughout critical infrastructure organizations demands urgent attention and action. Organizations must proactively assess industrial operations and then shore up defenses to reduce risk. Rockwell Automation advises an in-depth defense approach, as well as swift and well-coordinated incident response capabilities, to enhance resilience in the face of today's most urgent threats, helping to ensure greater safety and reliability.

Download the research report today to review the detailed analysis of 100+ cybersecurity incidents in OT/ICS.