Incident Response, Anomaly Detection Rank High on Planned ICS Security Spending

November 12, 2024 at 07:05AM

The SANS State of ICS/OT Cybersecurity 2024 report presents insights from 530 professionals on current and planned technologies in critical infrastructure. Key current technologies include access controls and backup tools, while future focus areas include ICS-specific training and metrics. The report also notes increasing investment in less-deployed technologies such as SBOM and SOAR.

### Meeting Notes Summary: SANS State of ICS/OT Cybersecurity 2024 Report

**Current Technologies in Use (Top 5):**
1. **Access Controls** – 81%
2. **Backup and Recovery Tools** – 74.4%
3. **Endpoint Detection and Response Tools (EDR)** – 73% (20% increase from 2019)
4. **Segmentation between Control Systems & Higher Risk Networks** – 66%
5. **Securing Remote Access with Multi-Factor Authentication** – 65%

- These categories have seen significant increases in implementation according to SANS.
- Notably, the focus remains on IT–OT boundaries (the “hard shell”) while also addressing the “gooey center” of systems.

**Upcoming Technologies and Focus Areas (Next 18 Months):**
1. **ICS-Specific Cybersecurity Metrics/Dashboards** – 37%
2. **ICS Network Security Monitoring and Anomaly Detection** – 33%
3. **Control System Enhancements and Upgrades** – 32%
4. **ICS-Specific Cybersecurity Training** – 31%
5. **ICS-Specific Incident Response Simulations/Tabletops** – 30%

- Nearly 50% of respondents are already using the technologies in this planned-activities list, signaling potential increases in implementation.

**Emerging Technologies (Low Current Deployment but High Investment Plans):**
- **Software Bill of Materials (SBOM)** – 25% currently deployed, 28% planning
- **Industrial Cloud Security** – 26% currently deployed, 23% planning
- **Security Orchestration, Automation, and Response (SOAR)** – 28% currently deployed, 30% planning

**Key Takeaways:**
- There is a notable shift towards investing in training, simulations, and incident response alongside technological upgrades.
- Future trends indicate that ICS security programs are poised for increased implementation of both current technologies and emerging solutions.

**Conclusion:**
The report suggests that as organizations solidify their defenses, a balance between technology and non-technology investments will be crucial in enhancing overall cybersecurity resilience in critical infrastructure sectors.
