Sixty-eight percent of Federal operational technology (OT) administrators and managers reported experiencing an OT cyber-incident in the past year, but only half felt confident they could detect or mitigate a threat today, according to new research from MeriTalk and Claroty.
The research report, “Guardians of Government: The State of Federal OT Security,” is based on a survey of 100 Federal security administrators and managers overseeing OT in Federal civilian and Department of Defense (DoD) organizations.
The good news is that more Federal agencies are focusing on OT cybersecurity, with 90 percent of Federal OT leaders reporting an increase in their agency’s prioritization of OT cybersecurity in the past two years.
Yet despite this high percentage, only 55 percent of Federal OT leaders felt fully confident they could detect and mitigate a threat if it were to occur today and just 20 percent gave their agency an “A” grade for cybersecurity preparedness.
Federal OT leaders said network visibility was the largest gap in their current OT security strategy, according to 45 percent of respondents. Other top gaps included secure access and remote monitoring (38 percent), as well as vulnerability and risk management or exposure management (38 percent).
Additionally, 65 percent said they are concerned about the number of OT assets in their agency that have reached end-of-life but remain internet-facing. Just 39 percent said the majority of their OT environments are air-gapped, which means they have no direct connection to the internet or other connected computers.
One-third of respondents (37 percent) cited the complexity of OT environments – including geographic distribution – and the need to increase collaboration between OT and IT security teams as areas for improvement.
To accelerate progress, respondents recommended standardizing risk models, enhancing visibility and access controls, and upskilling staff.
“We are seeing Federal civilian and DoD agencies that place a strategic emphasis on securing their diverse OT environments as among the most prepared to defend against threats to their operations,” commented Heather Young, the regional vice president of Claroty, U.S. Federal.
“These agencies have prioritized collaboration between OT and IT security teams, they continually assess vulnerabilities, and they are standardizing risk models and upskilling teams to meet current and future threats. This is what is needed to increase resilience across the Federal government.”
To dive more into the insights, methodology, and recommendations from Federal OT leaders, download the full report.