Honeywell recently released a new study showing that ransomware threats against industrial operators and manufacturers have grown significantly. Specifically, the study found that ransomware attacks increased by 46% in the first quarter of 2025. While this increase has impacted a range of industrial sectors, Honeywell concluded that agriculture and food production has been the most affected. However, we know that other OT networks such as drinking water infrastructure have become vulnerable to attacks.
As the threat of attacks continues to grow, preparedness has yet to catch up. Data from TXOne’s 2024 Annual OT/ICS Cybersecurity Report “found that 85% of organizations don’t conduct regular patching. A majority install patches quarterly or less often, which leaves them exposed to attacks for extended periods of time,” according to Security Week. Considering this apparent need for operators to better equip themselves with cybersecurity protections, there have been a number of efforts launched. For instance, the National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA) released a guide in January designed to help OT operators prioritize security when selecting OT products.
NSA Smart OT Controller Security
In addition to the guide published alongside the CISA, the NSA put out a study in April that furthered their focus on the evolving OT landscape. As the agency explained, the convergence of IT and OT has put OT at increased risk, which is especially worrisome for National Security Systems (NSS). They pose that there must be rigorous “robust security policies and technical security requirements” in place. To identify how best to approach these requirements, their study focused specifically on smart controllers, which as they explain “are intelligent OT embedded devices with enhanced capabilities, such as advanced processing power, integrated communication features, and edge computing abilities that are normally associated with network devices.”
Military Cybersecurity
The concentration on NSS and military-related systems is also reflected in a recent report published by the Department of the Air Force. The report is centered around C-SCRM, which the department describes as “a systematic process for managing exposure to cybersecurity risks throughout the supply chain and developing appropriate response strategies, policies, processes, and procedures at all levels of the organization.”
It goes on to explain that military OT is currently aligned with the Risk Management Framework (RMF) and the Cyber Resilience Engineering Framework (CREF). But soon to follow, “Services will evaluate themselves to NIST CSF 2.0.” NIST CSF 2.0 is meant to provide a more detailed understanding of the growing complexities of risk, including the rising role of AI. The 2.0 framework is also created to be adaptable to specific needs and strategies.
While both the NSA and Air Force’s reports zoom in on military systems, the urgency and approach to amplifying OT cybersecurity is critical for industrial sectors across the board. It is likely that what we see happening in these specific sectors will be adopted more broadly.
Sources:
- “New Honeywell 2025 Cyber Threat Report reveals ransomware surges 46 percent with OT systems as key targets” – Anna Ribeiro, Industrial Cyber
- “Organizations Still Not Patching OT Due to Disruption Concerns: Survey” – Eduard Kovacs, SecurityWeek
https://www.securityweek.com/organizations-still-not-patching-ot-due-to-disruption-concerns-survey/
- “NSA and Others Publish Guidance for Secure OT Product Selection” – National Security Agency
- “Operational Technology Assurance Partnership: Smart Controller Security within National Security Systems” – National Security Agency
- “The Cyber Cake: The Future of Department of the Air Force Cybersecurity” – Department of Air Force
