Train From Home on Your Schedule with OnDemand - Special Offers Available Now


Subscribe to SANS Newsletters

Join the SANS Community to receive the latest curated cyber security news, vulnerabilities and mitigations, training opportunities, and our webcast schedule.

OT/ICS Security Professionals Say Risk is at Critical Levels and Believe People Represent the Biggest Risk to Cybersecurity

SANS 2019 State of OT/ICS Cybersecurity Security Survey Also Finds Mobile Devices, Wireless Networks and Cloud Services Expand Cyber Risks

  • Bethesda, MD
  • May 29, 2019

People remain the greatest threat to industrial control systems (ICS) and associated networks, as found by a new SANS survey focused on better understanding cybersecurity risks to operational technology (OT) systems. More than half of respondents also see the cyber risks to their safe and reliable operations as high or higher than in past years.

Three hundred forty-eight security professionals worldwide, representing IT, OT and hybrid IT-OT domains provided their thoughts in the SANS 2019 State of OT/ICS Cybersecurity Survey. Sixty-two percent of those surveyed believe people are the greatest risk to compromise, trailed by technology (22%) and processes and procedures (14%).

"The obvious concern about the risk that people represent--whether they are malicious insiders, careless employees or nation-state bad actors--is consistent across industries," noted survey co-author and SANS Senior Analyst Barbara Filkins. "We were a little surprised at the lower-ranking concern around process, given that there is significant complexity involved in ICS design, implementation and operation to safeguard OT systems. It's possible recent attacks that almost always include tried-and-true tactics that exploit human-factors might have impacted our respondents' perceptions."

Survey takers told SANS that identifying connected assets and gaining visibility into device, network and control system integrity remains an issue; 45.5% consider it a leading focus for their organizations. That aligns with traditional IT security concerns in which identifying and tracking assets and networks remains a challenge. Not surprisingly, mobile devices (including those used remotely to augment and replace ICS workstations), and wireless communications solutions are contributors to overall risks and threat exposure.

Survey co-author and director of SANS Industrials & Infrastructure business portfolio Doug Wylie said, "We know from previous SANS research that the addition of 'things' and mobile devices to ICS represent significant risk. We see in our newest results that practitioners struggle mightily with how to offset these mounting challenges."

The growing adoption and movement to cloud services (40% of respondents indicated they use some cloud service) represents additional risks with exposure to new threats that need to be comprehended and addressed. Wylie added, "Hyperconnectivity and the rapid introduction of new technology within OT is providing tangible value, but the added complexity that comes with each continues to outpace the readiness of those tasked with safeguarding today's systems from cyber threats."

Learn more in a SANS webcast June 12, 2019, with Filkins, Wylie and SANS advisor Jason Dely, sponsored by Cisco, Forescout, Owl Cyber Defense, Nozomi Networks, Radiflow and Yokogawa. Register now at and be the first to get the associated report of the survey data and SANS recommendations. Also join industry experts from Nozomi Networks, Radiflow and Yokogawa on June 19 for an interactive panel discussion on OT/IT security issues,

Tweet this: @SANSInstitute #ICS cybersec survey finds people are biggest risk. Mobile, wireless & cloud represent major risks that are not being addressed. Join the June 12 webcast

About SANS Institute

The SANS Institute was established in 1989 as a cooperative research and education organization. Today, SANS is the most trusted and, by far, the largest provider of cyber security training and certification to professionals in government and commercial institutions worldwide. Renowned SANS instructors teach more than 60 courses at In-Person and Live Online cyber security training events, and more than 50 courses are available anytime, anywhere with our OnDemand platform. GIAC, an affiliate of the SANS Institute, validates practitioner skills through more than 35 hands-on, technical certifications in cyber security. The SANS Technology Institute, a regionally accredited independent subsidiary, offers a master’s degree, graduate certificates, and an undergraduate certificate in cyber security. SANS Security Awareness, a division of SANS, provides organizations with a complete and comprehensive security awareness solution, enabling them to easily and effectively manage their ‘human’ cybersecurity risk. SANS also delivers a wide variety of free resources to the InfoSec community including consensus projects, research reports, webcasts, podcasts, and newsletters; it also operates the Internet's early warning system – the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to support and educate the global information security community. (