On 18 December 2025, teissTalk host Thom Langford was joined by Jordan M. Schroeder, CISO; Zia Ush Shamszaman, Senior Lecturer in Computer Science, Teesside University; and Elliot Gidley, Field CTO EMEA, Claroty
The US government is warning that unsophisticated pro-Russia hacktivists are targeting US critical infrastructure to gain access to operational technology (OT) control devices. These so-called "opportunistic" attacks have so far had limited impact but could pose a more serious threat in the future. The CISA advisory includes various mitigations for OT asset owners and operators to help them avoid potentially disruptive or even destructive attacks: reducing the exposure of OT assets to the public-facing Internet; adopting mature asset-management processes; and ensuring OT assets use robust authentication procedures.

Much of the critical infrastructure is run not by governments but by commercial organisations on which society depends. Security, or even patching, is much more of an effort in industrial organisations – particularly those providing a 24/7 service – than in non-industrial ones. In industrial facilities, the nature of the business makes defending against cyber-attacks a very difficult challenge. Industrial systems can still contain Cisco switches and routers with default passwords that can be looked up on Google and leveraged to shut an entire plant down.
OT users are increasingly moving to the cloud and embracing edge computing. The major hurdle in OT is that you can’t put endpoint protection on a PLC. However, as Elliot Gidley of Claroty points out, if industrial organisations decide to deploy state-of-the-art digital technology, they must bake security into it. Previously, these systems were practically air-gapped – they were completely disconnected, and you had to be on site to breach them. But if you open them up, you expose them to attacks. With old systems, you needed specialised technical knowledge to breach them; that may no longer be required as the number of internet-facing systems increases.
Attackers often reuse the same code for new attacks, as in the case of the Stuxnet attack, which exploited a PLC vulnerability. Getting information on these legacy systems has also become much more straightforward thanks to AI. Industrial organisations must now follow the process already familiar to IT experts: getting visibility of their assets, understanding the risks these assets pose, and establishing whether any tangible risks already exist (vulnerabilities that have already been exploited). This should be followed by securing critical assets and putting TTPs in place. A change must be managed from the board level down to asset owners and production line managers in plants to reorganise everything around security and risk, including the practice of micro-segmenting devices, as well as people. In the absence of remedial plans in many industries, it’s risk mitigation that should be given priority.
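The prioritisation the panel describes (visibility of assets, then the risk each poses, then weaknesses already exploited, then securing the most critical assets first) can be made concrete over an asset inventory. The Python below is an added example, not code from teiss, Claroty or the panellists; the asset fields, the risk weights and the sample inventory are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class OTAsset:
    name: str
    internet_exposed: bool     # reachable from the public Internet
    default_credentials: bool  # still on a vendor default password
    known_exploited: bool      # carries a weakness already exploited in the wild
    criticality: int           # 1 (nuisance) .. 5 (can halt the plant)

def risk_score(asset: OTAsset) -> int:
    """Higher is worse (assumed weights). Internet exposure dominates, then default
    credentials, then an already-exploited weakness; criticality scales all three."""
    score = 0
    if asset.internet_exposed:
        score += 40
    if asset.default_credentials:
        score += 30
    if asset.known_exploited:
        score += 20
    return score * asset.criticality

def mitigations(asset: OTAsset) -> list:
    """Map each finding to the matching mitigation from the advisory summary."""
    steps = []
    if asset.internet_exposed:
        steps.append("remove from the public Internet; segment access")
    if asset.default_credentials:
        steps.append("replace default credentials; enforce robust authentication")
    if asset.known_exploited:
        steps.append("patch or apply compensating controls in the next maintenance window")
    return steps

def triage(inventory: list) -> list:
    """Return (name, score, mitigations) tuples, most urgent first; assets with
    nothing to fix are omitted."""
    ranked = sorted(inventory, key=risk_score, reverse=True)
    return [(a.name, risk_score(a), mitigations(a)) for a in ranked if risk_score(a) > 0]

# Constructed sample inventory (not real devices).
SAMPLE_INVENTORY = [
    OTAsset("plc-line1", False, False, True, 5),
    OTAsset("core-switch", True, True, False, 5),
    OTAsset("hmi-packaging", True, False, False, 2),
    OTAsset("historian", False, False, False, 3),
]

if __name__ == "__main__":
    for name, score, steps in triage(SAMPLE_INVENTORY):
        print(f"{name:14} {score:4}  " + "; ".join(steps))
```

Run against a real inventory, the same ordering puts the internet-exposed switch on default credentials ahead of a patched-but-critical PLC, which is the order the advisory's mitigations follow.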
© 2025, Lyonsdown Limited. teiss® is a registered trademark of Lyonsdown Ltd. VAT registration number: 830519543