Q4_1 ~ Q4_7 How has your organization dealt with the following types of cyber attacks? (NB: Multiple choices allowed)
This result suggests that the office terminals used in the IT area or OT area became an intrusion point. Instead of implementing measures for IT and OT individually, measures that assume that attacks on IT (email, web) will reach ICS are necessary. A mechanism for network segmentation, appropriate access control, and detection of anomalies in internal routes is required.
１-３ Difficult to take measures to prevent recurrence of cybersecurity improvements
Despite these circumstances, when asked if their organizations have improved their cybersecurity after incidents, only 43% of respondents answered that they “always/usually make improvements.” Lower than the overall average of 52%, this trend is common to the US, Germany, and Japan, and Japan has a gap of 19 points from the TOP manufacturing industry. In addition, 4% of respondents answered that “We rarely make improvements”, which is higher than other industries.
Q10：Thinking about the last 12 months, post-incident, does your organization make cybersecurity improvements in order to minimize the risks of future attacks? (N＝829)
Compared to other industries, the disrupted time during cyberattacks is longer and the amount of damage is large, but the result is that they appear to be reluctant to improve cybersecurity. As mentioned above, it is difficult to stop the system, and even maintenance is required once a year, assuming continuous operation.
Considering the priority of the manufacturing process, there is a possibility that business risks (quality deterioration, decrease in production volume, unstable supply) are avoided by not taking security measures. But the idea of dealing with damage after it happens means that you are underestimating the risk. Such industries have limited opportunities to introduce countermeasures, and when introducing them, careful consideration and careful and short-term introduction are required. Achieving this requires strong leadership from management.
In the oil & gas industry, there is an overwhelming need for enhanced security from partners and customers, and immediate measures are required.
１-４ Drivers of enhanced security are requests from partners and customers and compliance with regulations
We analyzed how the reasons for implementing cybersecurity measures have changed by dividing them into “past*” and “next 3 years”, focusing on the items with the largest rate of change.
We found that business partner/client/customer demand was the strongest driver, with the highest GAP of 6.5 points over the past and next three years. Japan and Germany have increased by 12.0 points and 5.3 points respectively, indicating that external requests are extremely high.
*As of the survey (February to March 2022)
The percentage of cloud systems implemented or scheduled to be implemented also increased by 5.4%. This is 4.2% higher than the industry average of 1.2%, which is larger than other industries. Here too, Japan and Germany show high percentages.
Although the points will drop three years from now, the 5G implementation/implementation plan was selected as the number one initiative so far and received a high score, especially in Japan, the score was very high at 38.6%.
In the US, on the other hand, 31.6% of drivers cited “to comply with industry regulations” as the highest driver, a gap of 11.2% between the past and the future. Germany, on the other hand, fell in priority.
Q19. Until now, what have been your organization’s top two reasons for implementing cybersecurity measures to protect your ICS/OT systems?
Q20.What do you believe your organization’s top two reasons for implementing cybersecurity measures to protect your ICS/OT systems are over the next three years？(NB: Multiple choices allowed)
Although there are variations from country to country, the following can be said as common across the industry:
- Since the number of actual damages and attacks is expected to increase in the future, the government is tightening regulations, and compliance with various guidelines is strongly required.
- Partners and customers will have stricter security requirements for business partners in order to reduce the impact on their own companies due to the increase in attacks and to establish supply chain security.
- It can be seen that the company is trying to rapidly take on the challenges of new technologies such as cloud computing and 5G implementation. In the midst of intensifying competition, we believe that the background is the challenge of DX support in order to increase the profitability of the business.
２ Trend Micro Proposal
Below is an outline of the current status of the oil & gas industry, as well as Trend Micro’s proposals to address them, as revealed by this survey and its analysis:
|Current status of the oil & gas industry||Trend Micro Proposal|
|Despite the high financial impact of security incidents, it is difficult to implement security countermeasures due to reasons unique to the manufacturing process.||Strong leadership of management is required|
|Office terminals used in IT or OT are often subject to cyberattacks, causing system outages.||Regardless of whether it is existing or new in the IT/OT environment, implement security measures that match the characteristics of each. On top of that, in light of the expanding Attack Surface and the presence of attacks that cross environments due to the ever-changing company environment, we will develop risk visualization and threat detection/response capabilities across the entire environment without blind spots.|
|Ambitious to challenge new technologies such as cloud and 5G to survive intensifying competition|
The details of IT/OT security in the oil & gas industry and Trend Micro’s proposal are described in detail here.
A full version of these findings can be downloaded here. It details the challenges faced by manufacturing, power, and oil and gas companies, their causes, and the state of industrial cybersecurity.