SANS Institute Survey Finds ICS Security Risks Continue to Rise and Evolve

Bethesda, Md. – SANS Institute's annual survey of industrial control systems (ICS) security practitioners finds that threats are shifting, identifying attacks remains challenging, and some basic security practices are not implemented.

The fourth year of the survey found some improvements in protecting critical assets and infrastructure, while other challenges have emerged. For example, four out of 10 ICS security practitioners lack visibility or sufficient supporting intelligence into their ICS networks, which is one of the primary impediments to securing these systems. Ransomware was newly identified as a top threat, along with the growing addition of devices to the network.

Despite the high-profile news coverage of recent attacks of unpatched systems, SANS found that only 46% of respondents regularly apply vendor-validated patches. An astounding 12% neither patch nor layer controls around critical control system assets.

Bengt Gregory-Brown, survey author, noted, "Changes in ICS/SCADA environments have historically come at a pretty slow pace, but this pace is accelerating with IT/OT convergence, and the speed of change is challenging everyone working with these systems to keep up or accept growing levels of risk."

Survey responders placed the highest priority on keeping OT systems reliable and available.

"With nearly 69% of ICS security practitioners saying threats to the ICS systems are high or severe and critical, it becomes clear that companies must pay attention at the highest levels to ensure the safety, reliability and integrity of their company's control systems," said Doug Wylie, director of the Industrials & Infrastructure Practice Area at SANS Institute.

SANS and experts will share results of the survey during a two-part webcast Tues., July 11 and Wed., July 12 at 1:00 p.m. EDT. The webcasts are sponsored by Great Bay Software, Nozomi Networks, PAS, Tempered and TripWire.

Register to attend the webcasts at and

Those who attend the webcasts receive early access to the associated whitepaper, which will be posted and available at after the live webcasts.


#ICS security: more attacks, focus on protecting data & systems, budgets steady: @SANSICS survey results webcast July 11, 12

About SANS Institute

The SANS Institute was established in 1989 as a cooperative research and education organization. Today, SANS is the most trusted and, by far, the largest provider of cyber security training and certification to professionals in government and commercial institutions world-wide. Renowned SANS instructors teach more than 60 courses at in-person and virtual cyber security training events and on demand. GIAC, an affiliate of the SANS Institute, validates practitioner skills through more than 35 hands-on, technical certifications in cyber security. The SANS Technology Institute, a regionally accredited independent subsidiary, offers a master’s degree, graduate certificates, and an undergraduate certificate in cyber security. SANS Security Awareness, a division of SANS, provides organizations with a complete and comprehensive security awareness solution, enabling them to easily and effectively manage their ‘human’ cybersecurity risk. SANS also delivers a wide variety of free resources to the InfoSec community including consensus projects, research reports, webcasts, podcasts, and newsletters; it also operates the Internet's early warning system–the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to support and educate the global information security community. (