Kaspersky Report: Over half of ICS incidents caused by employee errors
卡巴斯基報告：半數以上的工控系統事故由員工失誤造成

August 22, 2019 – According to a new report from Kaspersky, 52% of incidents affecting operational technology and industrial control system (OT/ICS) networks last year were caused by employee errors or unintentional actions. The report, “State of Industrial Cybersecurity 2019,”found this issue to be the result of the growing complexity of industrial infrastructures and a shortage of professionals who understand how to detect new threats as well as low awareness among existing employees.

2019年8月22日——根據卡巴斯基的一份新報告，去年影響運營技術和工控系統（OT/ICS）網絡的事件中有52%是由員工錯誤或無意行為造成的。這份《2019年工業網絡安全狀況》的報告認為，這一問題是工業基礎設施日益復雜、缺乏了解如何檢測新威脅的專業人員以及現有員工認識不足的結果。

According to the survey, digitalization of industrial networks and adoption of Industry 4.0 standards are a priority for many industrial companies. Four out of five organizations (81%) consider operational network digitalization to be an important or very important task for this year.

根據調查，工業網絡數字化和采用工業4.0標準是許多工業公司的優先事項。五分之四的組織（81%）認為運營網絡數字化是今年的一項重要或非常重要的任務。

A majority (87%) of respondents confirmed that OT/ICS cybersecurity is becoming a top priority for industrial companies. However, to achieve the necessary level of protection, they need to invest in dedicated measures and have highly qualified professionals to make them work effectively. Despite stating it as a priority, only just over half of companies (57%) have allocated budget for industrial cybersecurity.

大多數（87%）受訪者明確表示，運營技術/工控系統網絡安全正成為工業企業的重中之重。
但是，為了達到必要的保護水平，他們需要投入專門的措施，并擁有高素質的專業人員，以使他們有效地工作。盡管將其作為優先事項，但只有略多于一半的公司（57%）為工業網絡安全分配了預算。

In addition to budget constraints, there is also a question over skilled staff. Organizations are not only experiencing a lack of cybersecurity experts with the right skills to manage protection for industrial networks, but also are worried that their OT/ICS network operators are not fully aware of the behavior that can cause cybersecurity breaches. These challenges make up the top two major concerns relating to cybersecurity management and directly correlates as to why employee errors cause half of all ICS incidents such as malware infections and more serious targeted attacks.

除了預算限制，還有一個關于技術人員的問題。企業不僅缺乏具備管理工業網絡保護的正確技能的網絡安全專家，還擔心他們的運營技術/工控系統網絡運營商沒有充分意識到可能導致網絡安全漏洞的行為。這些挑戰構成了與網絡安全管理相關的兩大主要問題，并直接關系到為什么員工錯誤會導致一半的工控系統事故，比如惡意軟件感染以及更嚴重的目標攻擊。

In almost half of the companies (45%) surveyed, the employees responsible for IT infrastructure security also oversee the security of OT/ ICS networks. Although operational and corporate networks are becoming increasingly connected, OT and ICS specialists can often have different approaches (37%) and goals (18%) when it comes to cybersecurity.

在接受調查的近一半公司（45%）中，負責信息技術基礎設施安全的員工也負責監督運營技術/工控系統網絡的安全。盡管運營和企業網絡越來越緊密地聯系在一起，但在網絡安全方面，運營技術和工控系統專家通常會有不同的方法（37%）和目標（18%）。

In addition to a technical and awareness boost for industrial cybersecurity, organizations must consider specific protection for Industrial IoT which can become highly connected externally. Almost half of companies (41%) are ready to connect their OT/ICS network to the cloud using preventive maintenance or digital twins.

除了提高工業網絡安全的技術和意識，這些公司還必須考慮對工業物聯網的特殊保護，因為工業物聯網可以與外部高度連接。幾乎一半的公司（41%）準備使用預防性維護或數字孿生將其運營技術/工控系統網絡連接到云。

“As this ARC Advisory Group survey conducted on behalf of Kaspersky reflects, the growing interconnection between IIoT edge devices and cloud services continues to stand as a security challenge,” said Dr. Jesus Molina, chair, IIC Security Working Group and director of business development, Waterfall Security Solutions. “It was a major driver for the creation of the IIC Industrial Internet of Things Security Framework as well as the subsequent best practices documents and recent IoT Security Maturity Model.”

工業互聯網聯盟（IIC）安全工作組主席、Waterfall安全解決方案業務發展總監Jesus Molina博士表示：“正如ARC咨詢公司代表卡巴斯基進行的調查所反映的那樣，工業物聯網邊緣設備和云服務之間日益增長的互連仍然是一大安全挑戰。它是創建IIC工業物聯網安全框架，以及隨后的最佳實踐文檔和最近的物聯網安全成熟度模型的最主要推動力。”