Last month, as governments were increasingly directing their citizens to social distancing and self-isolation measures as a step towards reducing the spreading rate of the novel coronavirus, (CS)²AI conducted a flash poll to gauge our members’ perspectives on this unprecedented situation. We particularly wanted to know how the sudden rush to teleworking was affecting them and the security of the ICS/OT environments they defended. To keep things brief, we asked very few questions.
Here’s what you told us:
Question 1: Has your ICS/OT cyber security team been impacted by coronavirus-related events? (Pick one)
It’s important to note that governmental leaders continued to issue work-from-home orders after our poll, so these numbers may reflect only a snapshot of things as they stood in the latter weeks of March 2020. The situation continues to evolve and will do so for the foreseeable future, with complexities of exceptions to orders based on differing definitions of “essential” personnel and businesses and shifting priorities.
Question 2: Are you concerned about going to work during this outbreak? (Pick one)
Somewhat of a ‘finger-on-the-pulse’ question, we wanted to know how our members perceived the threat to them personally if they continued their normal work routines. For the nearly one-third (32.6%) already telecommuting, the pandemic had no impact on their working situation. Of the other two-thirds (67.4%), respondents were more than twice as likely to be concerned that continued needs to be physically present at work increased their risk of exposure to the virus.
Question 3: Do you believe this outbreak’s impact on the workforce increases risks to your ICS/OT systems? (Pick one)
Being who and what we are, the question of how anything stands to affect the risk profile of ICS/OT systems and assets is one we ask continually. We were surprised to see less than 6 point difference between those who expect increased risk to their systems from coronavirus impacts on their workforce (52.7%) and those who believe their security measures sufficient despite staff illnesses or shifts to telework. That being the case, this data may also be affected by developing events; it is possible that the approximately two-thirds not already working remotely 100% of the time (see previous question, above) did not anticipate the ongoing rollout of work-from-home orders and its application to their workforce.
With so much of the current crisis, governmental and business responses ongoing, (CS)2AI will continue to check in with our member base as things continue to develop.
Stay safe out there.