Sign up for our daily briefing
Make your busy days simpler with Axios AM/PM. Catch up on what's new and why it matters in just 5 minutes.
Catch up on coronavirus stories and special reports, curated by Mike Allen everyday
Catch up on coronavirus stories and special reports, curated by Mike Allen everyday
Denver news in your inbox
Catch up on the most important stories affecting your hometown with Axios Denver
Des Moines news in your inbox
Catch up on the most important stories affecting your hometown with Axios Des Moines
Minneapolis-St. Paul news in your inbox
Catch up on the most important stories affecting your hometown with Axios Twin Cities
Tampa Bay news in your inbox
Catch up on the most important stories affecting your hometown with Axios Tampa Bay
Charlotte news in your inbox
Catch up on the most important stories affecting your hometown with Axios Charlotte
An employee works on a Volkswagen e-Golf automobile in Dresden in 2018. Photo: Jens Schlueter/Getty Image
35% of global industrial plants have no response plan in case of cyberattacks, according to a survey conducted by Siemens and the Ponemon Institute.
Why it matters: The consensus among cybersecurity experts is to treat breaches as inevitable and plan ahead for resiliency. That can be particularly important in industrial systems, where physical safety and plant operations can hinge on the uptime of single systems.
The report sampled 1,726 employees of industrial companies scattered around the globe.
By the numbers: Only 42% of respondents rated their readiness for cyber attacks as "high."
- While that number might be off since people aren't always the best judges of their own work, Siemens head of industrial cybersecurity Leo Simonovich told Axios that a low number actually speaks well of a community waking up to its vulnerability.
- "We’ve seen a real awareness of the problem," he said. "The first step is identifying the threat."
From the survey, and confirmed by most experts' on-the-ground experience, Simonovich said there were three key problems that appear to plague industrial cybersecurity.
- Experts aren't in charge. At the majority of plants, it's plant managers or industrial engineers, rather than cybersecurity experts, who run cybersecurity.
- Low visibility. Unlike with traditional business networks, industrial networks often lack the tools to see what's going on in a network, which is critical in catching hackers. That, too, is getting better.
- Staffing. This, said Simonovich, goes beyond the well-publicized global shortage of cybersecurity talent. Just as plant managers don't know the ins and outs of cybersecurity, cybersecurity talent often does not understand industrial machines that can frequently shut down when subjected to traditional cybersecurity processes.
- "There's a lack of people who understand industrial controls, networking, security, and heavy machinery," he said. "One person needs at least 2-3 out of the four. "