What is operational technology – and why is it at risk?
As operational technology becomes more connected, securing it from cyber threats is more urgent than ever


Operational technology (OT) powers the physical machinery that keeps industries like energy, manufacturing, and transportation functioning. Traditionally air-gapped and separate from IT environments, OT systems have become increasingly connected, exposing them to new and growing cybersecurity threats.
OT comprises the hardware and software systems that detect or trigger changes through direct monitoring and control of physical devices, processes, and events.
Two fundamental components within OT environments are:
- Industrial Control Systems (ICS): A broad category that includes control frameworks such as Distributed Control Systems (DCS) and Programmable Logic Controllers (PLCs).
- Supervisory Control and Data Acquisition (SCADA): A subset of ICS, SCADA systems gather real-time data and provide centralized control for geographically dispersed systems.
As digital transformation accelerates, OT and IT systems are becoming more integrated, leading to both increased efficiency and new vulnerabilities.
These systems run across:
- Utilities and power generation
- Oil and gas pipelines
- Manufacturing plants
- Water and wastewater facilities
- Public transportation systems
While IT prioritizes data flow, OT prioritizes process integrity and availability. However, the boundary between IT and OT is vanishing with increasing connectivity.
Practical applications of operational technology
The use of OT spans a wide range of industries, and its applications are central to critical operations:
- Energy: OT manages the generation and distribution of electricity and gas, optimizing loads and responding to demand in real-time.
- Manufacturing: OT automates production processes, monitors equipment status, and ensures consistent quality.
- Transportation: Railway systems, airports, and public transit networks use OT to manage logistics, safety systems, and scheduling.
- Utilities: SCADA systems monitor and control water flow, treatment chemicals, and infrastructure integrity.
Hybrid deployments are becoming more common as Glenn Warwick, head of OT cybersecurity for Bridewell, explains to ITPro.
“The use of cloud-hosted resources is growing in popularity for OT, although we are mainly seeing this for management or ancillary services,” he says. “Organizations are rightly more cautious about the migration of mission-critical systems such as SCADA to the cloud."
This reflects a broader trend of cautious digital modernization, especially in environments where failure can have life-threatening consequences.
Industry dependence on OT
Organizations in sectors like manufacturing, energy, and utilities rely heavily on OT to maintain uptime and operational continuity. According to the Fortinet 2024 State of OT and Cybersecurity Report, 55% of surveyed organizations experienced operational outages that affected productivity due to cyber intrusions.
The consequences go beyond downtime, with the report also highlighting that 52% saw degradation in brand awareness, 48% faced revenue-impacting outages, and 43% lost business-critical data or IP.
As digital transformation efforts gain momentum, organizations deploy cloud-based management services and embrace IT/OT convergence to enhance efficiency. Yet this shift introduces complexity—and vulnerability.
The expanding threats to OT
Intrusions targeting OT systems are increasing in both frequency and impact. Phishing and business email compromise are the most common intrusion methods. Notably, ransomware and wiper malware incidents jumped from 32% in 2023 to 56% in 2024. As noted in the Fortinet report, "Organizations are experiencing more intrusions and more damaging consequences year over year."
Historically, OT systems were air-gapped – completely isolated from external networks – which kept them safe from cyber threats. "The most significant shift, bar none, that has occurred in OT cybersecurity has been the introduction of IP network connectivity,” Warwick explains. "An OT device can theoretically be accessed, directly, from anywhere in the world."
While beneficial for maintenance and performance monitoring, this connectivity exposes OT environments to the same cybersecurity risks that plague IT systems. Yet OT comes with higher stakes. "The most concerning aspect is the threat to human safety, particularly in relation to critical national infrastructure (CNI)," says Ric Derbyshire, principal security researcher at Orange Cyberdefense.
The threat landscape is evolving rapidly. "In our 2025 Security Navigator Report, we recorded a staggering 39% increase in cyberattacks impacting OT systems between 2023 and 2024,” Derbyshire says. “Attacks that once primarily targeted IT systems are increasingly crossing over into OT environments, either intentionally or as collateral damage.”
Why securing OT is complex
Unlike modern endpoint devices such as business laptops, OT devices typically run legacy software with little to no support for patching, encryption, or multi-factor authentication. As the TAG report notes: "Many industrial environments require continuous operation, and any downtime can result in significant financial losses and safety hazards."
There are, though, additional challenges, including inconsistent or limited visibility of OT systems, a decline in penetration testing, and growing attack surfaces due to IoT and IIoT integration. A mere 23% of organizations have achieved the highest level of OT cybersecurity maturity (leveraging orchestration and automation), per the report, despite improvements from 13% the year before.
Because of this, attackers don't always need to exploit software vulnerabilities. They can simply misuse legitimate OT protocols to cause physical damage. Carlos Buenano, CTO for Operational Technology at Armis, tells ITPro that this is a point of concern for cybersecurity teams, who have a hard task maintaining oversight of OT devices.
"OT environments often blend legacy systems with modern assets leaving visibility gaps and exploitable blind spots,” he says.
To make matters worse, traditional security measures like antivirus software or automated patch management tools often can’t be applied to OT systems without risking operational disruption.
The result of these weaknesses is plain to see: attacks like those carried out by Volt Typhoon, which went undetected in the US electric grid for nearly one year. The notorious threat group abused vulnerabilities within the Littleton Electric Light and Water Department (LELWD), a regional utility in Massachusetts, during a period when the organization was installing new OT solutions.
Building OT cyber resilience
There are clear strategies to strengthen OT cybersecurity, including:
- Network segmentation and microsegmentation: Following ISA/IEC 62443 standards to isolate OT assets and restrict lateral movement within networks.
- ICS/OT visibility: Real-time monitoring helps identify anomalies. "Enhanced visibility allows security teams to quickly identify and respond to unauthorized access or malicious activities," explains the TAG report.
- Zero trust OT architectures: "No trust" models require constant verification, strict access controls, and microsegmentation of devices.
- Unidirectional gateways: Also known as data diodes, these enforce one-way data flows, keeping OT systems isolated from IT-originated threats.
- Security integration and automation: A platform-based approach helps streamline toolsets, aggregate data, and enable automated threat response.
- Threat intelligence: Up-to-date feeds specific to OT help detect the latest threats before they cause damage.
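The point made earlier, that attackers can misuse legitimate OT protocols rather than exploit a bug, is exactly what the segmentation and visibility controls above are meant to catch. The following is an added illustration, not code from the article or from any vendor it quotes: it parses constructed Modbus/TCP frames (a common PLC protocol; the framing and function codes are the published ones) and flags any write command whose source host is not on a hypothetical engineering-segment allowlist, the kind of rule a segmentation-aware monitor would apply.

```python
"""Flag Modbus/TCP write commands from hosts outside a segmentation allowlist."""
import struct
from typing import NamedTuple

# Modbus function codes that change PLC state (writes); reads are left alone.
WRITE_FUNCTIONS = {5: "Write Single Coil", 6: "Write Single Register",
                   15: "Write Multiple Coils", 16: "Write Multiple Registers"}

class Frame(NamedTuple):
    src: str        # source IP of the TCP session (from flow metadata)
    payload: bytes  # Modbus/TCP application data (MBAP header + PDU)

def parse_mbap(payload: bytes):
    """Return (unit_id, function_code) from a Modbus/TCP frame, or None if malformed."""
    if len(payload) < 8:
        return None
    tid, proto, length, unit = struct.unpack(">HHHB", payload[:7])
    # Protocol id must be 0 and the declared length must cover unit id + PDU.
    if proto != 0 or length != len(payload) - 6:
        return None
    return unit, payload[7]

def audit(frames, allowed_writers):
    """Alert on write commands whose source is not an allow-listed engineering host."""
    alerts = []
    for f in frames:
        parsed = parse_mbap(f.payload)
        if parsed is None:
            alerts.append(f"{f.src}: malformed Modbus frame")
            continue
        unit, fc = parsed
        if fc in WRITE_FUNCTIONS and f.src not in allowed_writers:
            alerts.append(f"{f.src}: {WRITE_FUNCTIONS[fc]} to unit {unit} "
                          "from non-allow-listed host")
    return alerts

# Constructed sample traffic (not a real capture): three frames.
SAMPLE = [
    # engineering workstation writes register 1 := 0x1234 on unit 1 (allowed)
    Frame("10.1.20.5", struct.pack(">HHHBBHH", 1, 0, 6, 1, 6, 1, 0x1234)),
    # corporate-network host reads 10 holding registers (a read is never flagged)
    Frame("10.2.0.77", struct.pack(">HHHBBHH", 2, 0, 6, 1, 3, 0, 10)),
    # corporate-network host forces coil 16 ON (a write from the wrong segment)
    Frame("10.2.0.77", struct.pack(">HHHBBHH", 3, 0, 6, 1, 5, 16, 0xFF00)),
]
ALLOWED_WRITERS = {"10.1.20.5"}  # hypothetical engineering-VLAN host

if __name__ == "__main__":
    for line in audit(SAMPLE, ALLOWED_WRITERS):
        print(line)
```

Run as-is it reports only the coil write from 10.2.0.77; the read from the same host passes, which is the distinction a write-aware monitor adds over plain connection logging.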
Organizations with higher security maturity are those that integrate OT cybersecurity into central operations and assign responsibility to senior leadership – such as a CISO or VP of network engineering.
Despite increased awareness and investment, many organizations are still underprepared. The future of OT security lies in proactive, not reactive, strategies.
To stay ahead, IT leaders can take steps such as prioritizing OT-specific controls, making use of emerging technologies such as AI for context-aware threat detection, and using digital twins for safe simulation of OT responses.
Operational technology is vital and vulnerable. As OT systems continue to converge with IT, their exposure to cyber risks grows. While there’s been some progress, the threat landscape is evolving faster than defenses.
As systems that once operated in isolation become more connected, the risks they face multiply. Understanding the nature of OT, its applications, and the evolving threat landscape is the first step toward protecting these critical systems.
Secure OT isn’t a nice-to-have; it’s a necessity. And as the line between digital and physical continues to blur, the resilience of OT environments will define the resilience of our entire society.
David Howell is a freelance writer, journalist, broadcaster and content creator helping enterprises communicate.
Focussing on business and technology, he has a particular interest in how enterprises are using technology to connect with their customers using AI, VR and mobile innovation.
His work over the past 30 years has appeared in the national press and a diverse range of business and technology publications. You can follow David on LinkedIn.