Middle East-based energy, manufacturing and transportation firms face significant threats to their Industrial Control Systems (ICS), according to a new report.

The report by Booz Allen Hamilton, a global consulting and technology firm, highlights threats to ICS in 2016 and 2017, and the most effective measures to counter them.

The report, titled Industrial Cybersecurity Threat Briefing, revealed that these systems control and automate significant portions of our connected lives today, and impact industries such as manufacturing, pharmaceuticals, transportation, energy and petrochemicals, among others.  

In a 2015 survey of 314 organisations operating ICS around the world, 20 per cent of whom are based in the Middle East, over 100 respondents indicated that their control systems were breached more than twice in the previous 12 months.

ICS are unique in terms of cybersecurity, as the systems sit at the intersection of the digital world and the real world, where cyber-attacks can cause physical destruction and even death.

Recent statistics continue to drive home the seriousness of industrial cybersecurity: across sectors, average annual losses to companies worldwide from cyber-attacks now exceed $7.7 million according to the Ponemon Institute.

Industrial sectors such as energy, manufacturing, utilities and transportation are amongst the most at risk. The ICS Cyber Emergency Response Team (ICS-CERT) has reported more than 800 cybersecurity incidents globally since 2011, with most occurring in the energy sector.

Cyber-attacks against oil and gas firms in the Middle East made up more than 50 per cent of registered occurrences in the region, according to Repository of Industrial Security Incidents (RISI) data.

Conversely, in the US and other Western countries, they account for fewer than 30 per cent of recorded instances.

The report warns of a cyber environment that has become more hazardous than ever before to ICS operators. Dr Mahir Nayfeh, senior vice president at Booz Allen Hamilton, said: “The path to success lies in ensuring a comprehensive approach that enables stakeholders to collaborate in addressing shared, multidimensional cyber issues. Mitigating risk requires more than just tuning firewalls and applying patches; it also involves investing in human capital, and training on policies and procedures.”