As an industry, we’re well-versed on the link between technology and business continuity. But what about the application of technology to human continuity?
There is indeed a link and it’s found in cyber-physical systems (CPS) that control and monitor physical processes at the foundation of modern life. CPS is everywhere within industrial, healthcare, and commercial enterprises. CPS monitors and controls the assets that are core to mission-critical infrastructure, and executes the actions that ensure our lives flow uninterrupted.
A Life, uninterrupted is the principle that must guide CPS protection programs, and to achieve this level of availability and reliability, CPS must be protected from disruptive and damaging cyberattacks. Life, uninterrupted must be the North star that cybersecurity decision makers aim for. At Claroty, this is much more than a marketing slogan and campaign, this is the mantra that guides our day-to-day operations.
We understand that cyberattacks are devastating to businesses, disrupting revenue flows and the delivery of services. We know that CPS disruptions carry extra weight because of the possible toll on physical safety should, for example, life-saving medical care or indispensable food or fuel deliveries become unavailable.
These smart CPS assets are today connecting to the cloud and advanced networking architectures at exponential rates, helping manufacturing facilities, water treatment plants, transportation and logistics companies, commercial entities, and hospitals guarantee our safety and way of life. Disruptions in these computing capabilities—especially those caused by a cyberattack—don’t just disrupt servers and email. They put personal safety at risk.
The Road to CPS Resilience
Let’s look at some of the organizational and external factors CISOs must consider in improving the resilience of CPS.
Invest in CPS Protection
Recent SANS Institute survey results report that 81% of industrial companies allocate less than 50% of cybersecurity budgets to the protection of operational technology. Furthermore, while 55% of organizations have bumped OT security budgets up, only 23% consider those increases “significant.”
This is happening in parallel with unprecedented rises in connectivity across critical infrastructure sectors. U.S. power grid exposures rise daily, and number almost 24,000; unsurprisingly, cyberattacks against U.S. utilities rose 70% from 2023 to 2024, according to a Reuters report.
Rapid Recovery Key to CPS Uptime
Resilient CPS are hallmarked by their ability to withstand active attacks, adapt to disruptions caused by cyberattacks in order to keep critical functions running even at reduced capacity, and to recover quickly from an incident.
Breached enterprises, however, are struggling with recovery in particular. Gartner, for example, reports that 90% of victimized firms take hours or days to return systems to service; and that an hour of unplanned downtime from attacks against OT or CPS in manufacturing averages $5.6 million. These are unsustainable numbers.
Develop, Test Continuity Plans
Cyber incident-response plans are well known among traditional IT security and risk management teams. They account for procedures, communications, and personnel involved in responding to an incident. This, however, hasn’t yet migrated to the CPS and OT sides of the house.
According to SANS and other published reports, 35% of industrial plants lack a cyber incident-response plan for the remediation and recovery of their OT assets, while only 27% of organizations report have documented a business continuity plan tailored to their cyber-physical systems.
Non-Negotiable CPS Protection Actions
There are common themes moving throughout these risks that are not inconsequential to the protection of CPS.
First, is the need to eliminate the siloes that still exist between IT cybersecurity teams and their OT counterparts; 76% of organizations maintain divisions between IT and OT, and only 3% consider their cybersecurity readiness as “mature.”
Convergence is happening, but many cybersecurity leaders are overwhelmed by the complexity and proprietary nature of some CPS and OT implementations, and their exposure grows by the day. To maintain Life, uninterrupted, CISOs and business leaders must commit expertise and financial resources to ensure human safety and continuity, operational uptime, and trust in the business.
Asset visibility is the foundational element of a resilient CPS protection program. A clear, accurate inventory of assets enables the rest of the organization’s cybersecurity efforts and investments. Having clarity into the connected assets on your network paves the way toward reducing your exposure to external threats, allows you to identify and secure remote access to critical assets, detect threats to the network, and have the ability to isolate key network segments in the event of an incident in order to minimize downtime and ensure faster recovery.
Life, uninterrupted is a non-negotiable requirement. Getting there means understanding the gravity of the processes and services governed by CPS, their impact on our way of life, and how to instill visibility and resilience into these data-rich environments. Attackers are watching; are you ready?
