The term “cyber attack” brings ransomware and stolen data to mind, but today there’s a quieter yet equally devastating war being waged against industrial control systems (ICS) and operational technology (OT). These are the kinds of systems that keep power grids humming, water flowing, and factories running.
Recent years have seen an explosion of OT-specific malware—the volume of malware targeting OT systems over the last three years alone eclipses the total from the previous decade. Tools like Industroyer2 and CosmicEnergy are increasingly being used to compromise critical infrastructure, demonstrating how much effort attackers are putting into exploiting these systems.
Why OT Systems Are Becoming Prime Targets
Why are attackers so focused on OT systems? Because these systems are more vulnerable today than ever before.
- IT-OT convergence: IT (information technology) and OT (operational technology) increasingly interoperate and overlap. The rise of IoT devices and the adoption of cloud-based solutions have created a more connected ecosystem—and a wider attack surface. Devices and systems that were once isolated from networks are now integrated, leaving them accessible to attackers.
- Remote access risks: As organizations embrace remote work, remote maintenance, and new kinds of automation, the embedded devices in their environment become more exposed to attackers. Tools designed for convenience or automation, like remote monitoring systems or APIs, are increasingly exploited by hackers to infiltrate OT environments.
- Internet-accessible, yet outdated devices: OT environments are increasingly integrated into networks and remote management, yet most remain patchworks of older and newer, complex and simpler devices, many of them relying on protocols or configurations that are either outdated or not designed with security in mind.
Where OT Systems Are Most Vulnerable
IT and OT environments often present multiple vulnerabilities that make them increasingly accessible targets, including:
- Outdated authentication: Simple username-and-password authentication with limited or no password complexity enforcement—and a practical tendency for OEM default credentials to remain in production environments—is still all too common.
- Insecure communications: Configurations or devices that rely on legacy, unencrypted protocols and services for communication make for easy targets, of a kind that were largely eliminated from IT systems years ago.
- Legacy systems: Devices that remain in production for years or even decades without firmware or software updates, and that are rarely audited even as the networks around them evolve, are often key vulnerabilities.
- Poor configuration: Many ICS and OT devices are placed into service with default or near-default configurations that aren’t optimized for security.
These vulnerabilities might seem like basic oversights, but they often make ICS and OT devices into soft targets in ways that can have catastrophic consequences when exploited.
Beyond the Purdue Model: Three Steps to Strengthen Your Defenses
For years, organizations leaned on the “Purdue Model” to protect ICS networks. This framework organizes systems into hierarchical layers, isolating IT and OT to limit the spread of potential attacks. At its core is the concept of an “air gap” between the two environments—a physical or logical separation meant to keep OT safe from IT threats.
Unfortunately, the air gap simply isn’t realistic for many organizations today, with IoT devices and cloud integrations bridging the gap. This means that attackers can often find their way into OT systems via IT networks.
The good news? Protecting ICS and OT systems doesn’t have to mean tearing everything down and starting over. With the right strategies, organizations can significantly reduce their risk. Here are three key steps to get started:
- Map your digital perimeter. Understanding your attack surface is the first line of defense. Many organizations focus on internal OT assets but neglect external risks. Tools like Kamerka GUI can help map internet-facing devices and identify vulnerabilities that could be exploited. By regularly scanning your external attack surface, you can address gaps before attackers do.
- Keep hackers out of their own toolbox. One of the most dangerous trends in cyberattacks is the misuse of legitimate tools. Hackers are increasingly using remote monitoring and management (RMM) software to gain access to systems. To combat this, organizations should block unauthorized RMM tools and use community-driven resources like LOLRMM to identify risky applications. Integrating these lists into XDR, SIEM, or EDR solutions can provide an additional layer of defense.
- Test before they do. The best way to know if your defenses work? Test them. MITRE Caldera is a powerful, free tool that simulates real-world attacks in a controlled environment. Its OT plugin can even test specific protocols like BACnet and DNP3, helping organizations identify weaknesses and improve their security posture.
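To illustrate the “keep hackers out of their own toolbox” step, here is an added example (not code from the original post, Plurilock, or the LOLRMM project) that checks process-creation events against a small RMM signature list and a site allow-list. The signature map, the approved-product policy, the expected install directories, and the CSV event format are all assumptions constructed for the example; in practice you would load the LOLRMM catalogue and your EDR/SIEM export in their place.

```python
import csv
import io

# Constructed product -> executable-name map (assumption; real LOLRMM data would be loaded here).
RMM_SIGNATURES = {
    "AnyDesk": {"anydesk.exe"},
    "TeamViewer": {"teamviewer.exe", "tv_w32.exe", "tv_x64.exe"},
    "ScreenConnect": {"screenconnect.clientservice.exe"},
}

# Site policy (assumption): one sanctioned product, and it must run from a system-wide install path.
APPROVED_RMM = {"ScreenConnect"}
APPROVED_DIR_PREFIXES = ("c:/program files/", "c:/program files (x86)/")

# Constructed process-creation events (assumed CSV export shape of the EDR/SIEM in use).
SAMPLE_EVENTS = """\
timestamp,host,user,image
2024-05-01T08:00:01Z,HMI-01,opsuser,C:\\Program Files\\ScreenConnect Client\\ScreenConnect.ClientService.exe
2024-05-01T08:02:13Z,ENG-WS-07,contractor,C:\\Users\\contractor\\Downloads\\AnyDesk.exe
2024-05-01T08:03:44Z,HIST-02,svc_hist,C:\\Windows\\System32\\svchost.exe
2024-05-01T08:05:09Z,ENG-WS-07,contractor,C:\\Users\\contractor\\AppData\\Local\\TeamViewer\\TeamViewer.exe
2024-05-01T08:07:30Z,ENG-WS-03,jdoe,C:\\Users\\jdoe\\Desktop\\ScreenConnect.ClientService.exe
"""

def classify_image(image_path):
    """Return (product, normalized_path); product is None for binaries that are not known RMM tools."""
    normalized = image_path.replace("\\", "/").lower()
    name = normalized.rsplit("/", 1)[-1]
    for product, binaries in RMM_SIGNATURES.items():
        if name in binaries:
            return product, normalized
    return None, normalized

def find_rmm_alerts(csv_text, approved=APPROVED_RMM):
    """Flag unsanctioned RMM products, and sanctioned ones launched from outside their install path."""
    alerts = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        product, path = classify_image(row["image"])
        if product is None:
            continue  # not an RMM binary at all
        if product not in approved:
            reason = "unapproved RMM product"
        elif not path.startswith(APPROVED_DIR_PREFIXES):
            reason = "approved RMM outside its install directory"
        else:
            continue  # sanctioned product running from its expected location
        alerts.append({"timestamp": row["timestamp"], "host": row["host"],
                       "user": row["user"], "product": product, "reason": reason})
    return alerts
```

On the constructed events this flags the AnyDesk and TeamViewer launches as unapproved and the ScreenConnect copy started from a user's Desktop as suspicious, while the sanctioned install on HMI-01 passes.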
Looking Forward: Smarter, Not Harder
Securing ICS and OT systems isn’t about overhauling everything. It’s about smart, targeted improvements:
- Modernize when possible. Focus on bringing firmware and software up to date, upgrading authentication protocols and configurations, and introducing encryption where it’s feasible.
- Build bridges between IT and OT. Ensure that IT and OT teams are aligned in their cybersecurity strategies and understand the interfaces between these environments and systems. Collaboration is key.
- Stay proactive. Cyber threats evolve constantly. Staying informed and adapting to new risks can make all the difference.
The stakes are high. ICS and OT systems are the backbone of critical infrastructure, and their security—or lack thereof—has far-reaching implications. It’s not just about preventing downtime; it’s about protecting lives, economies, and communities.
Learn More and Stay Secure
The threats to ICS and OT systems are real, but so are the solutions. At Plurilock, we recently hosted a webinar about ICS and OT security featuring actionable strategies and insights—so for a deeper dive, watch the webinar recording on our website.
The battle to secure ICS and OT systems is heating up—so it’s time to make sure that your organization is prepared. ■