Operational technology under siege: the growing threat of cyber intrusions

In the pursuit of efficiency and digitisation, operational technology can create cyber security weak points IT isn’t prepared for.

Historically, operational technology (OT) has primarily mattered to traditional sectors such as manufacturing, energy and transportation. Today, however, any business with any sort of physical presence relies on OT, whether for HVAC systems, inventory management, or security and access control. Once isolated, OT has become increasingly digitised over the years, with technologies like Supervisory Control and Data Acquisition (SCADA) systems enabling real-time monitoring and automation.

However, this shift has expanded the technology footprint, both physically and digitally, and the attack surface with it. In 2024, Fortinet reported that 73% of organisations experienced an intrusion that impacted OT, up from 49% the previous year. As systems become more interconnected and interdependent, largely due to OT’s convergence with IT and IoT, the potential impact of a breach has increased massively. And with new hardware being lowest on the cyber security priority list for C-Suite leaders this year, legacy assets will require more protection than ever to avoid disruption.

The risks of network convergence and IoT proliferation 

Modern OT environments are no longer isolated, despite often operating on decades-old technology with limited cyber security protections. Unlike software-centric IT assets, OT hardware, such as industrial control systems (ICS), often has a lifespan exceeding 20 years. Retrofitting these systems with modern security controls can be costly and technically challenging, so to maximise efficiency, businesses integrate OT with enterprise IT networks and IoT devices. The resulting interconnected ecosystems inadvertently create new entry points for attackers.

Whilst this improves operational visibility and efficiency, it also blurs the boundaries between administrative and production systems. Cyber attackers can exploit these connections to pivot from IT networks to OT systems, enabling physical disruption. For instance, unpatched vulnerabilities in third-party IoT gateways have been exploited to infiltrate manufacturing systems.  

Geopolitical threats amplify these risks. Critical infrastructure operators – energy providers, water treatment facilities and transportation networks, for example – are prime targets for state-sponsored actors seeking to destabilise services. In 2021, a ransomware attack on a US fuel pipeline caused widespread shortages, demonstrating how OT breaches can have real-world consequences. ENISA in the EU has reported documented incidents of state-sponsored DDoS attacks against utility companies and other critical infrastructure.

IoT cyber security risks and best practices 

The proliferation of IoT devices in OT environments introduces three notable risks:   

  1. Weak authentication: Many IoT devices use default credentials and lack protections like multi-factor authentication, making them easy targets for credential-stuffing attacks.   
  2. Insecure communication: Data transmitted between IoT devices and OT networks is often unencrypted, allowing interception.  
  3. Firmware vulnerabilities: Manufacturers rarely provide timely updates, leaving devices exposed to known exploits. 

To reap the benefits of IoT without creating unacceptable cyber risk, IoT should be assessed for cyber risk like any other piece of technology, and mitigating action taken where necessary. Examples include enforcing network segmentation to isolate IoT devices from critical OT and IT systems, requiring multi-factor authentication for device access, and conducting regular firmware updates and vulnerability assessments.

Strategies for mitigating OT risk 

As OT becomes increasingly digitised, whether through the introduction of new assets or the connection of old assets to other systems, the associated cyber risk should be assessed and addressed like any other technical system in the organisation. Here are some tips for doing this effectively: 

  • Adopt a risk-based cyber security strategy: Prioritise OT assets based on their criticality. For example, power grid controls might demand higher protection than building management systems. 
  • Enforce the principle of least privilege: Restrict user and device permissions to minimise the opportunity for lateral movement. 
  • Implement multi-factor authentication: Validating access can add critical protections to an interconnected environment. 
  • Practice strategic segmentation: Connectivity established in the name of efficiency can create additional paths for cyber breaches and amplify the impact of incidents that do occur. Segmenting OT, IoT and IT networks can help mitigate the risk that interconnectivity introduces, and if done well, it doesn’t need to compromise efficiency.  
  • Educate cross-functional teams: OT staff often lack cyber security training, so conduct regular drills and pen tests to help bridge the gap. Remember to be transparent with the results. 
  • Update incident response plans: Include OT-specific scenarios in red team exercises, response strategies and disaster recovery protocols.
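The three IoT risks listed above and the risk-based prioritisation and segmentation tips can be turned into a repeatable check. The following is an added example, not code from the article or its authors: it scores a constructed OT/IoT/IT asset inventory against weak authentication, cleartext communication and stale firmware, weights the result by asset criticality, and flags flows that cross zone boundaries. The asset names, zones, dates, the cleartext protocol list and the 365-day firmware threshold are all assumptions.

```python
# Added example, not from the article; all names, dates and flows are constructed.
from dataclasses import dataclass
from datetime import date

TODAY = date(2025, 1, 15)                       # constructed reference date
CLEARTEXT = {"telnet", "http", "modbus", "ftp"}  # assumed cleartext protocol list
@dataclass
class Asset:
    name: str
    zone: str            # "IT", "OT" or "IoT"
    criticality: int     # 1 (low) .. 3 (high), assigned by the asset owner
    default_creds: bool  # still on vendor default credentials
    mfa: bool            # management access requires MFA
    protocols: set
    firmware_date: date  # date of the last firmware update

def findings(a: Asset, max_age_days: int = 365) -> list:
    """Which of the article's three IoT risks apply to one asset."""
    out = []
    if a.default_creds or not a.mfa:
        out.append("weak-authentication")
    if a.protocols & CLEARTEXT:
        out.append("insecure-communication")
    if (TODAY - a.firmware_date).days > max_age_days:
        out.append("outdated-firmware")
    return out

def risk_score(a: Asset) -> int:
    """Risk-based prioritisation: number of findings weighted by criticality."""
    return len(findings(a)) * a.criticality

def zone_violations(flows, assets, allowed=frozenset()):
    """Flows crossing IT/OT/IoT zones, unless that zone pair is explicitly allowed."""
    zone = {a.name: a.zone for a in assets}
    return [(s, d, p) for s, d, p in flows
            if zone[s] != zone[d] and (zone[s], zone[d]) not in allowed]

# Constructed sample inventory and flow log of (src, dst, protocol) tuples.
ASSETS = [
    Asset("plc-01", "OT", 3, False, False, {"modbus"}, date(2019, 6, 1)),
    Asset("hvac-cam", "IoT", 1, True, False, {"http"}, date(2024, 11, 2)),
    Asset("erp-srv", "IT", 2, False, True, {"https"}, date(2024, 12, 20)),
]
FLOWS = [("erp-srv", "plc-01", "modbus"), ("hvac-cam", "plc-01", "http"),
         ("erp-srv", "erp-srv", "https")]
def prioritised():
    """Assets ordered highest risk first, plus flows that break segmentation."""
    ranked = sorted(ASSETS, key=risk_score, reverse=True)
    return [(a.name, risk_score(a), findings(a)) for a in ranked], zone_violations(FLOWS, ASSETS)
```

Passing an `allowed` set such as `{("IT", "OT")}` models a deliberately permitted, monitored path (for example a jump host) so that only unexpected cross-zone flows are reported.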

The digitisation of OT has unlocked unprecedented efficiency, but it has also introduced new systemic risks. As cyber-physical attacks grow more sophisticated, organisations must move beyond reactive measures. By integrating OT into broader cyber security strategies, enforcing segmentation and modernising legacy systems in a cyber-conscious way, businesses can safeguard their operations.  
