Deployment of Cybersecurity Controls in the Norwegian Industry 4.0
Original version
ARES '24: Proceedings of the 19th International Conference on Availability, Reliability and Security. 2024. 10.1145/3664476.3670896Abstract
Cybersecurity threats and attacks on Industry are increasing, and the outcome of a successful cyber-attack can be severe for organizations. A successful cyber-attack on an Industry where Cyber-Physical Systems are present can be particularly devastating as such systems could cause harm to people and the environment if they malfunction. This paper reports on the results of a survey investigating what security measures organizations implement within the industry to strengthen their security posture. The survey instrument used has been developed using the NIST Special Publication "Guide to Operational Technology" and contained 70 questions to determine the level of security controls deployed within the Norwegian Industry. The results show that the average usage of the different security controls is 63%, and 53% of the organizations have a security controls usage of 60% or more. The most used security control is backup of critical software, whereas the two least used are specific-OT cybersecurity training and response planning. Both are highlighted as areas for improvement. Dedicated OT security standards have not been found to influence the level of security controls used. However, employees within an organization following a dedicated security standard have higher cybersecurity knowledge.