TUV Rheinland: Cyber Hazards for Operational Technology Underestimated

Study on cybersecurity in operational technology / Many companies are not aware of risks / Study can be downloaded at https://www.tuvopensky.com/resources/white-papers/industrial-security-2019/

Cologne, Littleton (USA), Singapore, January 16, 2019: TÜV Rheinland, a leading expert in digital transformation and cybersecurity, today announced the results of a worldwide study, exploring how 370 industrial organizations protect their operational technology (OT) assets from cyberattacks. The findings show that as hackers increasingly attack OT, many companies are not aware of the threats cyberattacks pose to their OT assets. Moreover, their measures for cybersecurity are usually not tailored to operational technology.

Lack of concern toward OT cybersecurity is worrying
In the study entitled “Industrial Security in 2019: A TÜV Rheinland Perspective”, 40 percent of respondents stated that they had never assessed the risks posed by cyberattacks on their operational technology. A further 34 percent do not know whether their own company has ever investigated these risks. In addition, only one in five companies has tailored its measures for cybersecurity to operational technology. “The fact that OT cybersecurity is obviously not of high priority is worrying. Attacks from the Internet can shut down entire plants, which can result in production downtime and higher costs,” comments Nigel Stanley, Chief Technology Officer, Operational Technology and Industrial Cybersecurity at TÜV Rheinland.

Preventing hazards from the Internet
In the study, the authors emphasize the complexity of OT security in a networked world. For instance: Enterprise IT applications are constantly updated to respond to new threats. But computer controls for OT systems are not typically updated regularly. “Whether or not an OT system is connected to the Internet, preventive cybersecurity measures based on an understanding of the OT risk are a must. This is especially important as the safety of OT systems can be undermined by cybersecurity attacks,” says Nigel Stanley.

Protecting production data from theft
Those responsible should think about how to protect their own production facilities from physical intrusion. “Whoever is responsible for OT security should consider whether an intruder could insert a rogue USB stick into a system,” Stanley says. “A lot of valuable intellectual property is found in industrial plants and data theft can be just as rewarding for some hackers as disrupting the plant production line.”

Operational Technology (OT)
Operational technology is the name given to the computerized systems used to control physical assets such as valves, motors and pumps. Its use is prevalent across many industries and sectors including oil and gas, transportation, building management systems, water treatment plants and critical national infrastructure. Experts from TÜV Rheinland already have identified Operational Technology as a frontline for cyberattacks in their Cybersecurity Trends Report. The report can be downloaded at: https://www.tuvopensky.com/resources/white-papers/cybersecurity-trends-2018/

The study
The study was conducted by IT analysts from Bloor Research, who administered an online survey to 370 managers from companies worldwide, inquiring about how they protect their OT assets. While almost 70 percent of the respondents work in the manufacturing industry, a variety of other industries were also represented, including automotive, oil and gas, telecommunications, energy, chemical, logistics and public institutions. The study looks at the aspects of risk assessment, protection against and detection of cyberattacks, and provides information on protective measures and the recovery of assets after a cyberattack. The free study can be downloaded at: https://www.tuvopensky.com/resources/white-papers/industrial-security-2019/

Digital Transformation & Cybersecurity
For over 20 years, TÜV Rheinland’s Digital Transformation & Cybersecurity Business Stream has been helping companies from various industries, government agencies and public institutions use innovative technologies securely. With nearly 1,000 consultants worldwide, our experts have a high level of industry knowledge about digital transformation and cybersecurity. In an increasingly vulnerable world of networked systems and devices, our cybersecurity solutions aim to combine security and data protection. Our team carries out cybersecurity tests, industrial security tests and data protection tests on the Internet of Things (IoT) and cloud infrastructures, among others.

About TÜV Rheinland

TÜV Rheinland is one of the world’s leading independent testing service providers with 145 years of tradition. Employing over 20,000 people around the globe, TÜV Rheinland generates an annual turnover of almost 2 billion euros. The independent experts stand for the quality and safety of people, technology and the environment in almost all areas of business and life. TÜV Rheinland inspects technical facilities, products and services, accompanies projects, processes and information security for companies. The experts train people in numerous professions and industries. TÜV Rheinland has a global network of recognized laboratories, testing centers and training centers at its disposal for this purpose. Since 2006, TÜV Rheinland has been a member of the United Nations Global Compact for greater sustainability and against corruption. Website:www.tuv.com.


About TUV Rheinland OpenSky

TUV Rheinland OpenSky offers one of the most advanced and integrated portfolios of security solutions and services for connected devices, platforms and Internet of Things (IoT) with the mission to enable a secure and safe digital future. We provide advisory, consulting, systems integration, testing, certification and managed security services for connected platforms in three core disciplines: Advanced Cyber Defense; Mastering Risk and Compliance and Secure Cloud Enablement. Our experts help clients protect information assets, minimize risk and accelerate the adoption of enabling technologies by taking a holistic risk-based approach that addresses Cybersecurity, Privacy, Cloud Infrastructure and Functional Safety requirements to build trusted, connected platforms.

With headquarters in Littleton, MA, TUV Rheinland OpenSky is a subsidiary of TUV Rheinland Group, which operates some of the world’s broadest smart device and IoT testing labs, defining industry standards for functional safety and security, and a leading provider of inspection and assurance services that combine safety, quality and security certifications.


Contact: Norman Hübner, TÜV Rheinland, Press, phone: +49 2 21/8 06-3060
Current press releases, as well as photo and video footage, are available on request by email to presse@de.tuv.com or on www.tuv.com/press.

Before you leave…
want to sign up for our newsletter?