New Research Finds Cyberattacks Against Critical Infrastructure on the Rise

  • State-affiliated Groups Responsible for nearly 60%
  • 60% of incidents result in operational disruption, driving the need for proactive OT defenses and incident response

The topics of this time are Cybersecurity, Sustainability, and Workforce with the impact of AI playing on all three. This news from Rockwell Automation focuses on Cybersecurity. It has released a report on an in-depth study of the topic by Cyentia Institute. The report is comprehensive deserving of a thorough read.

Rockwell Automation announced the findings of its report “Anatomy of 100+ Cybersecurity Incidents in Industrial Operations.” The global study conducted by Cyentia Institute analyzed 122 cybersecurity events that included a direct compromise of operational technology (OT) and/or industrial control system (ICS) operations, collecting and reviewing nearly 100 data points for each incident.

Don’t think you are immune from global politics. Unfortunately.

The first edition of the report finds nearly 60% of cyberattacks against the industrial sector are led by state-affiliated actors and often unintentionally enabled by internal personnel (about 33% of the time). This corroborates other industry research showing OT/ICS security incidents are increasing in volume and frequency, and are targeting critical infrastructure, such as energy producers.

“Energy, critical manufacturing, water treatment and nuclear facilities are among the types of critical infrastructure industries under attack in the majority of reported incidents,” said Mark Cristiano, commercial director of Global Cybersecurity Services at Rockwell Automation. “Anticipating that stricter regulations and standards for reporting cybersecurity attacks will become commonplace, the market can expect to gain invaluable insights regarding the nature and severity of attacks and the defenses necessary to prevent them in the future.”

  • OT/ICS cybersecurity incidents in the last three years have already exceeded the total number reported between 1991-2000. 
  • Threat actors are most intensely focused on the energy sector (39% of attacks) – over three times more than the next most frequently attacked verticals, critical manufacturing (11%) and transportation (10%). 
  • Phishing remains the most popular attack technique (34%), underscoring the importance of cybersecurity tactics such as segmentation, air gapping, Zero Trust and security awareness training to mitigate risks. 
  • In more than half of OT/ICS incidents, Supervisory Control and Data Acquisition (SCADA) systems are targeted (53%), with Programmable Logic Controllers (PLCs) as the next-most-common target (22%).
  • More than 80% of threat actors come from outside organizations, yet insiders play an unintentional role in opening the door for threat actors in approximately one-third of incidents.  

In the OT/ICS incidents studied, 60% resulted in operational disruption and 40% resulted in unauthorized access or data exposure. However, the damage of cyberattacks extends beyond the impacted enterprise, as broader supply chains were also impacted 65% of the time.

The research indicates strengthening the security of IT systems is crucial to combatting cyberattacks on critical infrastructure and manufacturing facilities. More than 80% of the OT/ICS incidents analyzed started with an IT system compromise, attributed to increasing interconnectivity across IT and OT systems and applications. The IT network enables communication between OT networks and the outside world and acts as an entryway for OT threat actors. Deploying proper network architecture is critical to strengthening an organization’s cybersecurity defenses. It is no longer enough to simply implement a firewall between IT and OT environments. Because networks and devices are connected daily into OT/ICS environments, this exposes equipment in most industrial environments to sophisticated adversaries. Having a strong, modern OT/ICS security program must be a part of every industrial organization’s responsibility to maintain safe, secure operations and availability.


For this report, Rockwell Automation commissioned the Cyentia Institute to analyze data from 122 cybersecurity events across the globe, which occurred from 1982-2022. The Cyentia Institute’s team collected and analyzed nearly 100 data points surrounding individual incidents involving the direct compromise or disruption of OT/ICS systems. The resulting report was developed to share instructive insights about actual OT/ICS cybersecurity attack activity.

The Cyentia Institute is a research and data science firm dedicated to the mission of advancing knowledge in the cybersecurity industry. We accomplish this by partnering with a variety of organizations to perform comprehensive data analysis and publish high-quality, data-driven research. 

Honeywell To Acquire SCADAfence Strengthening Cybersecurity Portfolio

  • • SCADAfence will integrate into the Honeywell Forge Cybersecurity+ suite providing expanded asset discovery, threat detection, and compliance management capabilities.
  • SCADAfence extends Honeywell’s OT cybersecurity portfolio to build upon its comprehensive professional services, managed security services, and software solutions. 

With the announcement of this major cybersecurity acquisition, Honeywell communications offered me the opportunity to talk with Michael Ruiz, the new VP/GM Cyber Innovation.

He joined in January, tasked with moving cybersecurity from services to a comprehensive product/services offering to offer more complete solutions for customers. Honeywell has had a strong but not necessarily cohesive solution across the various parts of the company—industrial, building, and aerospace. Evaluating companies across the cyber ecosystem and evaluating make vs. buy, the team saw the opportunity to acquire SCADAfence and it looked like a great fit.

I’m sure that history had much to do with the divisional structure within the conglomerate. The development of Honeywell Connect as a concentrated software arm of the company only a few years ago has enabled this sort of cross-industry thinking. Every domain has cyber issues. Gathering these together under one portfolio should provide a comprehensive and collaborative product/service portfolio.

Notes from the news release:

Honeywell announced July 10 it has agreed to acquire SCADAfence, a leading provider of operational technology (OT) and Internet of Things (IoT) cybersecurity solutions for monitoring large-scale networks. SCADAfence brings proven capabilities in asset discovery, threat detection and security governance which are key to industrial and buildings management cybersecurity programs.

The SCADAfence product portfolio will integrate into the Honeywell Forge Cybersecurity+ suite within Honeywell Connected Enterprise, Honeywell’s fast-growing software arm with strategic focus on digitalization, sustainability and OT cybersecurity SaaS offerings and solutions. This integration will enable Honeywell to provide an end-to-end enterprise OT cybersecurity solution to site managers, operations management and CISOs seeking enterprise security management and situational awareness. The acquisition strengthens existing capabilities in cybersecurity and bolsters Honeywell’s high-growth OT cybersecurity portfolio, helping customers operate more securely, reliably and efficiently.

SCADAfence is headquartered in Tel Aviv, Israel and will expand Honeywell’s Cybersecurity Center of Excellence in Tel Aviv. Honeywell has been implementing OT cybersecurity solutions for more than twenty years, delivering thousands of projects in over 130 countries with more than 500 employees worldwide focused specifically on OT cybersecurity.

The transaction is now complete.

Data Security Platform Developer Releases Two Announcements

Laminar Announces AWS Built-in Solution for Data Security

Here is a little IT news. A start up I’ve not heard about before, Laminar, has built a data security platform working with the large cloud providers. It has recently published two announcements. 

The first announcement reveals it has worked with Amazon Web Services (AWS) to complete an AWS built-in co-build solution that automatically installs, configures, and integrates with native AWS Cloud Foundational Services across multiple domains such as identity, security, and operations.

Laminar is a member of the AWS Partner Network (APN) that built their software solution to include foundational AWS services like AWS CloudTrail, AWS Control Tower, and AWS Organizations to decrease risk, reduce operational overhead, and provide consistent observability in cloud environments. Utilizing a well-architected Modular Code Repository (MCR) that is both validated by AWS and designed specifically to add value to a partner solution, Laminar is equipped to help customers achieve their goals for scale, simplicity, and cost savings.

“By utilizing an AWS built-in co-build solution with the Laminar Data Security Platform, organizations will be able to gain the visibility and control needed to continue cloud data growth across AWS services while keeping it protected,” said Amit Shaked, CEO and co-founder, Laminar.

Laminar’s AWS built-in solution comes built in with AWS CloudTrail, making it easier for customers to discover, classify, secure, and monitor their sensitive data in the cloud. By processing CloudTrail logs, Laminar provides automated data detection and response (DDR) – alerting customers to real-time threats to their data and streamlining quick remediation. Laminar also helps identify the root cause of the data threat with event timelines and data access flowcharts.

The news is the latest development in Laminar’s deepening relationship with AWS. The company was also selected to be a launch partner for Amazon Security Lake at AWS re:Invent last November. Furthermore, Laminar’s platform was the first pure-play data security posture management (DSPM) to be named an AWS Security Competency Partner in the new Data Protection category, and has received the Amazon Relational Database Service (RDS) Ready Product Designation.

Laminar Announced as Launch Partner for Wiz Integration (WIN) Platform

Laminar announces its partnership with leading cloud security provider, Wiz as the company unveils Wiz Integration (WIN) Platform. Laminar, hand selected as a launch partner, brings the power of the Laminar Data Security Platform to WIN, to improve customer understanding of how cloud vulnerabilities may put their sensitive data at risk.

The integration between Wiz and Laminar optimizes the value of both platforms while enabling organizations to more efficiently and effectively secure their public cloud environments. With this integration, data security teams can use the Laminar Platform to secure overexposed and unprotected data, remediate misplaced data, and delete any redundant, obsolete, or trivial (ROT) data — which ultimately ensures a more secure, hygienic data environment that meets compliance requirements. Pairing all of this data security posture with the Wiz platform allows cloud security teams to better understand how to prioritize cloud infrastructure vulnerabilities.

WIN enables Wiz and Laminar to share prioritized security findings with context including inventory, vulnerabilities, issues, and configuration findings. Mutual customers receive the following benefits:

  • Prevent Sensitive Data Exposure – Laminar enriches Wiz with a layer of data context that gives organizations additional visibility into the full impact of each attack path and issues.
  • Ruthless Prioritization – In collaboration with Laminar, Wiz enables infrastructure security teams to focus on issues that impact highly sensitive data first.
  • Streamline Collaboration and Remediation Workflows – With the joint solution, data security and infrastructure teams share data with a common view to contain and remediate risk faster.

WIN is designed to enable a cloud security operating model where security and cloud teams work collaboratively to understand and control risks across their CI/CD pipeline. Wiz is setting the industry standard in integrated solution strategy to maximize operational capabilities of organizations with partners like Laminar in WIN.

Cyber Integrity Software Update Released

I’m still catching up from the flurry of press releases in April and early May. This one from Hexagon Asset Lifecycle Intelligence and from the PAS group they acquired a couple of years ago. The new version is PAS Cyber Integrity 7.3. Updates include:

  • Delivering an enterprise-wide, holistic image of multiple risk domains with a clear understanding of vulnerabilities and enhanced risk-based decision-making
  • Utilizing proprietary risk scoring to rapidly identify risks in the environment of greatest concern while simultaneously considering the vulnerabilities and patching level of various assets
  • Precisely identifying systems at risk of penetration or exploit and providing meaningful and actionable data regarding risk level, vulnerabilities for remediation and the associated patches and upgrade paths providing the highest value
  • Prioritizing risk-reducing and vulnerability remediation activities that shrink the attack surface and quickly providing paths that reduce the greatest risk, with the least amount of effort

Honeywell Cyber Insights Announcement

Honeywell began sending press releases about things called Forge and Connect and Connected Enterprise in 2019. I was puzzled. Then came the pandemic making contact and conversations difficult. I think this was much like initiatives from a few other former automation companies now trying to become software companies—they had some ideas and appointed some GMs, but they were feeling their way forward, as well.

I was confused again this month. There was registration for something called Honeywell Connect, and then pre-brief for Honeywell Connect (for which I never received a link) and then for Honeywell User Group (HUG). I registered for so many things, I wasn’t sure what was next. Then there’s the issue that HUG is in Orlando—and I’m tired of going to Orlando and supporting Florida. 

Yesterday was Honeywell Connect—a series of announcements from the Honeywell Connected Enterprise group. The big announcement that concerns me follows.  HUG follows June 19 for the process systems group. That one is live. As it stands now, I’ll be there. If you’d like to connect and give me your thoughts on using all this new technology or where AR/VR is going, ping me at [email protected].

The big news from Connect is the release of Cyber Insights for operational technology applications. Its focus is improving the availability, reliability and safety of their industrial control systems and operations. Cyber Insights is designed to integrate information from multiple OT data sources in order to provide a customer with actionable insights into their facility’s cybersecurity vulnerabilities, threats and compliance, thereby helping reduce their overall cybersecurity risks.

Cyber Insights brings a tailored approach by providing a purpose-built cybersecurity solution for OT environments and users. It is designed to offer a site-level view of a facility’s cybersecurity posture and provide insights into security events, vulnerabilities, active threats and to manage compliance. Cyber Insights can help organizations strengthen their cyber resilience and respond faster to incidents through access to critical information at the right time.

Cyber Insights is pre-configured for OT use, with already available customization options designed to address certain needs specific to different industrial environments, while being vendor agnostic so that it can deployed on Honeywell control systems as well as many other systems. It is also deployed, supported and maintained by Honeywell Cyber Care services during the applicable subscription license term to help customers maintain continuous tuning and optimization as required for any system to run in peak form.

Public Cloud Data Breaches, Shadow Data Concerns Show Steep Rise

Cyber security must be the topic most showing up in my inbox over the past year or two. Every company is performing its own surveys and reports. That must mean there is no definitive analyst firm covering that subject. This survey and report from a company called Laminar looks at public clouds.

To tackle skyrocketing cloud data security issues, 97% of organizations now have a dedicated data security team.

Looks like its definition of public cloud includes AWS, Azure, GCP, and Snowflake (more on Snowflake in a post coming soon). Further, Laminar looks to “shadow data” as a particular function of concern. Shadow, or unknown, unmanaged data is growing as users now can proliferate data in just a few clicks. Shadow data can occur when copied data lives on in test environments, data gets mis-placed in storage buckets, legacy data isn’t deleted after a cloud migration, data logs become toxic, and orphaned backups are left stale.

The fast pace of cloud transformation and democratization of data has created a new innovation attack surface, leading to 3 in 4 organizations experiencing a cloud data breach in 2022 and the overwhelming majority (68%) of data security professionals naming shadow data as the No.1 concern of protecting cloud data. The State of Public Cloud Data Security Report 2023, released by Laminar today, reveals that concern over shadow data has increased to a whopping 93% compared to  82 percent the year before. This finding indicates a need for security teams to evolve processes and technologies to autonomously discover, classify, protect, and remediate sensitive cloud data stores, wherever they are located. 

A full 95% of respondents believe that cloud environments are different enough (than on-premises) to require unique security solutions. Given their concerns about on-premises solutions, more security professionals are considering deploying cloud-native security platforms to improve sensitive data protection. 

● 71% said cloud-native security solutions should provide autonomous scanning

● 63% want to deploy a dynamic, performant platform 

● 54% say such a solution should offer asynchronous operations 

● 53% would like the platform to provide an agentless architecture 

Click to read the full report.

Follow this blog

Get a weekly email of all new posts.