Home > Technology + Innovation

Parsons survey reveals critical infrastructure cybersecurity gaps

Parsons survey reveals critical infrastructure cybersecurity gaps

Pasadena, Calif. — Parsons released the findings of a survey of industrial control system (ICS) and operational technology (OT) engineers within U.S. critical infrastructure facilities. The survey revealed an alarming lack of integration of OT and information technology (IT) professionals within the organizations and models for assuring resilience to cybersecurity attacks that do not reflect a fully converged OT/IT approach.

“Thousands of networked devices installed in critical infrastructure facilities are improving operating efficiency but increasing cyber risk,” said Carey Smith, President of Parsons’ Federal business unit. “The perfect storm has already formed, with more connected devices in the industrial controls environment creating numerous points of access for increasingly sophisticated attacks. This survey shines a spotlight on the fact that converged OT and IT solutions are lagging behind the converged threat. The bolt-on, software-based, IT-centric model is not a plug-and-play solution to the OT cyber threat.”

Attacks on both OT and IT critical infrastructure (CI) environments, including the 2015 Ukraine electric system disruption and the March 2018 Russian attack on the U.S. grid, are being reported by government and private sector infrastructure operators with increasing frequency. In October 2017, the U.S. Department of Homeland Security and the Federal Bureau of Investigation issued a joint technical alert in response to advanced persistent threat data on attacks targeting U.S. energy, nuclear, water, aviation, and critical manufacturing organizations. Cybersecurity standards organizations, including the National Institute of Standards and Technology (NIST), have called for solutions to the evolving threat landscape that enhance convergence of OT and IT technologies and processes to strengthen against threats to ICS and OT systems.

The Parsons report, entitled “Parsons 2018 Critical Infrastructure Risk Assessment,” summarizes the input from 300 qualified respondents working as ICS engineers in critical infrastructure sectors, including energy, chemical, water, defense, and manufacturing. Key survey findings include:

  • 66 percent of respondents indicate their organizations are adding more connected industrial internet of things (IIoT) devices to industrial control systems in the OT environment.
  • 78 percent of respondents indicate they are not highly involved in ICS cybersecurity.

The full report can be viewed and downloaded at www.parsons.com/CIPsurvey.