Palo Alto Networks Report: Cyber Attacks Now a Major Source of Unplanned Downtime for Industry

Unplanned downtime is the bane of industry. According to previous ARC research, unplanned downtime costs the combined industrial and energy sectors well over a trillion dollars of lost revenue every year. Traditional sources of unplanned downtime are things like operator error and equipment failure. Manufacturers have spent billions implementing better safety systems, asset management systems, and even things like artificial intelligence to predict failures, prevent incidents, and avoid unplanned downtime. 

Today, cyber incidents and attacks are a prominent source of unplanned downtime. In many cases, these attacks aren't even directed at the OT environment, but the loss of visibility into operations results in a shutdown of the OT environment. A good example is the Colonial Pipeline attacks, which targeted IT and enterprise level systems that basically measured the amount of money going through the pipeline. This loss of IT and enterprise functionality resulted in an OT shutdown that had significant consequences for the entire US oil and gas market. Industry is rife with examples like this, and a recent report from Palo Alto Networks also confirms this. 

Palo Alto Networks recently released its report, "The State of OT Security: A Comprehensive Guide to Trends, Risks & Cyber Resilience." The report as a whole offers some great insights into what's happening in OT security today, but the most notable thing to me, and the number one finding in the report, is that cyberattacks are shutting down OT operations at an unprecedented rate, and the majority of these attacks are at the IT level, not the OT level. According to the report, "Almost 70% of industrial organizations have experienced a cyberattack in the past year, and 1 out of 4 experienced a shutdown of operations as a result." The report also noted that IT is the primary vector for attacks, with "72% of attacks targeting the OT originating there."

But please don't take this news to mean that OT level attacks aren't a thing. While most attacks may originate at the IT level, the report goes on to say that over 76 percent of Palo Alto's survey respondents indicated that they have experienced a cyber attack in the OT environment. According to the report, "An overwhelming 75% of respondents reported frequent attacks, often monthly, but also weekly and daily. This reveals the existence of a dynamic cybercrime ecosystem, one that is clearly well engaged in targeting the OT environment."  

End users need to adopt better cyber resilience strategies and start treating cyber threats as the major threat to continued operations that they are. "IT" and "OT" no longer exist as separate islands in the manufacturing enterprise, they are inextricably connected, and clearly IT and enterprise systems are the preferred vector for attacks. The Palo Alto report also has a lot of good information on continued IT and OT collaboration and many other issues.