Facility management worried about OT cybersecurity, but few plan to fix it

Dive Brief:

Seven in 10 managers are concerned about whether they have an adequate level of operational cybersecurity to protect their facilities, including healthcare facilities and corporate data centers, according to a survey by KRC Research on behalf of Honeywell.
One-quarter (27%) of facility managers experienced a cyberattack in the last 12 months, and two-thirds consider managing OT cybersecurity as one of the most challenging responsibilities of their jobs. Researchers conducted online surveys of 1,554 facility managers in the U.S., Germany and China.
Despite those concerns, 44% of respondents had a cybersecurity solution in place to protect operational technology systems from an attack. One-third had plans to make new investments in cybersecurity protection over the next 12 to 18 months.

Dive Insight:

Major concerns about cybersecurity in the OT space are on the rise, as threat actors have launched multimillion dollar ransomware attacks against critical industries in the U.S. and abroad.

Since May, ransomware attacks have led to the temporary shutdowns of Colonial Pipeline, the largest fuel supplier to the East Coast of the United States, and JBS USA, the largest meat supplier in the U.S.

Colonial paid $4.4 million to the DarkSide ransomware gang in order to fully restart operations (though about half was recovered by the FBI), while JBS paid $11 million to restore production at its processing facilities.

A central issue that arose during the Colonial Pipeline attack, as well as a key concern in the Honeywell report, was the impact of work from home rules implemented during the COVID-19 pandemic. An increasing number of OT facilities have been operating with remote staff that had to rely on sensors and other types of automation, making them more vulnerable to cyber disruptions.

"The key focus areas within the survey included management challenges, facility issues and priorities, solutions for stakeholders and building occupants as well as the impact of COVID-19 and remote management," Mirel Sehic, global director cybersecurity at Honeywell Building Technologies, said via email.

Most cybersecurity investments have focused on making sure information technology systems were protected against cyber intrusions, however in facilities, everything from HVAC to building management and security systems are vulnerable to attack.

"From an IT department's perspective, OT systems have been out of sight and thus haven't always had the same level of monitoring or maintenance hygiene," Sehic said.

Earlier this month, the Cybersecurity and Infrastructure Security Agency (CISA) warned, based on research from Mandiant, that up to 83 million IoT devices that use the ThroughTek "Kalay" network were vulnerable to remote access. The vulnerability could allow a threat actor to gain unauthorized access to live video or audio streams.

The Honeywell report echoes concerns that Gartner clients have about the rise of interconnected technologies raising the overall threat envelope, said Katell Thielemann, VP analyst of security and risk management at Gartner.

"At the same time, operators and maintainers of assets are not equipped to deal with cybersecurity issues, and information centric IT-security teams are not equipped to handle asset-centric security," Thielemann said.