The State of Security in Control Systems Today: A SANS Survey

Visibility a Concern; Threat Vectors; IT-ICS Convergence Strategies

  • Bethesda, MD
  • June 19, 2015

The control systems used in critical infrastructure facilities are increasingly vulnerable to attack, but it's almost impossible to tell how often they're breached or how it's done, according to early results from a SANS survey on the security of industrial control systems. Thirty-two percent of respondents who admitted having experienced a breach said they can't say how often they were breached; 42% said they weren't able to identify the source of the breaches.

"The number of confirmed breaches is rising, but the limited ability of most ICS security systems to detect attacks, let alone reveal their source and type, is at least as big a problem as the number of attacks on operational technology systems," according to Bengt Gregory-Brown, consultant to the SANS ICS program. "Lack of visibility into ICS systems is a problem, and one that's growing with greater connectivity and the IT-OT integration."

The increasing integration of IT into once-isolated OT systems is one of the top three threat vectors identified by security professionals polled by SANS. The threat of attack from external actors is still the biggest concern; 42% of respondents said outsiders are the top threat and 73% said it was one of the top three. Internal threats came in second, being named by 49% of respondents as being in the top three threats, followed by integration of IT into control system networks, with 46%.

Although integration is concerning, IT and ICS are converging with greater frequency. Only 29% of respondents have begun implementing a strategy to manage that convergence securely; 36% are developing a strategy and 18% have no strategy at all and don't plan to develop one.

"We are very glad to see indications of growing collaboration between IT and ICS security staff," says Derek Harp, director of SANS ICS-SCADA security. "But the number of companies lacking strategies to manage the integration of IP technologies and commercial operating systems into ICS environments is still quite high."

Appropriate training is key to being able to address the security issues as IT and ICS continue to converge. Most respondents reported having IT certifications, but far fewer had ICS security-specific training. Multiple factors drive the increased targeting of control systems. To successfully protect these environments, control system and information security professionals need sufficient training, tools and support--not only so they can respond to ongoing attacks, but so they can proactively identify and implement safeguards to prevent future breaches.

Full results will be shared during a webcast on Thursday, June 25, 2015, at 1 PM EDT, sponsored by SurfWatch Labs and Tenable Network Security, and hosted by SANS. Register to attend the webcast at

Those who register for the webcast will also receive access to the published results paper developed by SANS Analyst and ICS expert Derek Harp and Bengt Gregory-Brown, a consultant to the SANS ICS program.

About SANS Institute

The SANS Institute was established in 1989 as a cooperative research and education organization. SANS is the most trusted and, by far, the largest provider of cyber security training and certification to professionals at governments and commercial institutions world-wide. Renowned SANS instructors teach over 60 different courses at more than 200 live cyber security training events as well as online. GIAC, an affiliate of the SANS Institute, validates a practitioner's qualifications via over 30 hands-on, technical certifications in cyber security. The SANS Technology Institute, a regionally accredited independent subsidiary, offers master's degrees in cyber security. SANS offers a myriad of free resources to the InfoSec community including consensus projects, research reports, and newsletters; it also operates the Internet's early warning system--the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to help the entire information security community.