OT Security Guide
Musings on OT Security in 2025.
As attackers move from IT systems to OT systems, which tend to be far more important yet far less secure, we're seeing the processes for securing those systems start to mature.
What good is London's best Orangutan-supporting IT firm if the local hospital, oil firm or energy firm is broken by an attack on its infrastructure?
OT systems are also a natural target for state actors, who want to attack the things that are the core needs of any country. We've seen attacks on councils, oil pipelines, hospitals etc.
By their nature, OT systems are a lot harder to secure and to get visibility over; they tend to run older technology and are generally not secured in the way that IT systems are.
FrostyGoop, first reported in 2024, is the first ICS-specific malware seen using Modbus TCP to interact directly with OT devices, so these things are developing and are in the wild.
What can you do?
Have a response plan in place. This should include being able to fall back to paper if needed. Hard, I know, for manufacturing etc., but the plans should be in place and tested. This will also help you in the case of accidents.
Define a segmented network - zero trust again, and segmentation. Don't give your IT admins access to the manufacturing hardware. Also think about VMware: you should not have your VMware hosts joined to Active Directory (regardless of Broadcom's older documentation); think about security over convenience for your administrators.
Establish monitoring of your OT systems - you can't defend what you don't know about. Speak to the experts, the people who work with the OT systems daily. OT security is NOT IT security. Don't go slamming in like a gorilla and ham-fistedly forcing IT cybersecurity procedures onto things like oil/gas OT or manufacturing systems.
Secure remote access - it's been traditional for OT manufacturers to set up remote access to their systems, whether that's VPN access over the internet or dial-up lines into the environment. Know EVERY point of ingress and egress. Some of these might be a modem from 10+ years ago sat under the floor somewhere. Once again: talk to the people who work with these systems daily.
Risk-based approach - understand that most OT systems can't be taken offline the way a server can, or the way your microservices can be Chaos Monkey'd. The approach might have to be isolating the system instead. Your OT systems can easily be decades old and impossible to patch.
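To make the segmentation and monitoring points concrete (and the FrostyGoop/Modbus TCP point above), here is a small Modbus/TCP inspector as an added example. It is not code from the original post or from any vendor: it parses the MBAP header of captured Modbus/TCP requests, and raises an alert when a write function code comes from a host that is not on the allowlist of engineering workstations, or when any Modbus traffic arrives from outside the OT subnet. Modbus has no authentication, so network position is the only thing standing between a host and a write to a PLC, which is exactly why those two checks matter. The IP addresses, subnet and frames are constructed for the example.

```python
"""Flag Modbus/TCP writes from hosts that should never touch a PLC.

Added example: the hosts, subnets and frames below are constructed for
illustration and are not taken from the original post or any real network.
"""
import ipaddress
import struct
from dataclasses import dataclass

MODBUS_PORT = 502  # standard Modbus/TCP port

# Function codes that change state on the device. Modbus has no
# authentication, so the only control on a write is network position,
# which is why segmentation and monitoring are the defences that work.
WRITE_FUNCTION_CODES = {
    0x05: "Write Single Coil",
    0x06: "Write Single Register",
    0x0F: "Write Multiple Coils",
    0x10: "Write Multiple Registers",
    0x16: "Mask Write Register",
    0x17: "Read/Write Multiple Registers",
}


@dataclass
class ModbusRequest:
    transaction_id: int
    unit_id: int
    function_code: int
    pdu_data: bytes


def parse_modbus_tcp(frame: bytes) -> ModbusRequest:
    """Parse a Modbus/TCP ADU: 7-byte MBAP header, then function code + data."""
    if len(frame) < 8:
        raise ValueError("frame too short for MBAP header and function code")
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        raise ValueError(f"protocol id {proto} is not Modbus (expected 0)")
    # The MBAP length field counts the unit id plus the PDU that follows it.
    if length != len(frame) - 6:
        raise ValueError("MBAP length does not match frame size")
    return ModbusRequest(tid, unit, frame[7], frame[8:])


def describe(req: ModbusRequest) -> str:
    """Summarise a write, decoding the starting address where the PDU carries one."""
    name = WRITE_FUNCTION_CODES.get(req.function_code, f"fc 0x{req.function_code:02x}")
    if len(req.pdu_data) >= 2:
        (addr,) = struct.unpack(">H", req.pdu_data[:2])
        return f"{name} at address {addr}"
    return name


def inspect_flows(flows, ot_subnet: str, allowed_writers: set):
    """Return (src, dst, kind, detail) alerts for (src, dst, dport, payload) tuples."""
    ot_net = ipaddress.ip_network(ot_subnet)
    alerts = []
    for src, dst, dport, payload in flows:
        if dport != MODBUS_PORT:
            continue
        try:
            req = parse_modbus_tcp(payload)
        except ValueError as err:
            # Malformed frames are worth seeing: fuzzing, broken tooling, or a mis-set length.
            alerts.append((src, dst, "malformed", str(err)))
            continue
        if ipaddress.ip_address(src) not in ot_net:
            alerts.append((src, dst, "cross-segment", f"Modbus from outside {ot_subnet}"))
        if req.function_code in WRITE_FUNCTION_CODES and src not in allowed_writers:
            alerts.append((src, dst, "unauthorised-write", describe(req)))
    return alerts


# Constructed sample traffic (not a real capture). The PLC is 10.20.1.50.
SAMPLE_FLOWS = [
    # HMI reads 10 holding registers: normal, no alert.
    ("10.20.1.20", "10.20.1.50", 502, b"\x00\x01\x00\x00\x00\x06\x01\x03\x00\x00\x00\x0a"),
    # Engineering workstation (allowed writer) writes register 16: no alert.
    ("10.20.1.10", "10.20.1.50", 502, b"\x00\x02\x00\x00\x00\x06\x01\x06\x00\x10\x00\x64"),
    # Host on the IT network writes two registers: crosses the segment boundary
    # AND is not an allowed writer, so it raises two alerts.
    ("10.0.5.33", "10.20.1.50", 502,
     b"\x00\x03\x00\x00\x00\x0b\x01\x10\x00\x10\x00\x02\x04\x00\x01\x00\x02"),
    # Truncated frame: flagged as malformed rather than silently dropped.
    ("10.20.1.20", "10.20.1.50", 502, b"\x00\x04\x00\x00\x00\x02\x01"),
]

if __name__ == "__main__":
    for alert in inspect_flows(SAMPLE_FLOWS, "10.20.1.0/24", {"10.20.1.10"}):
        print(alert)
```

In a real deployment the flows would come from a passive tap or SPAN port feeding the inspector, never from anything inline with the process network, and the allowlist would be built with the people who run the plant rather than guessed by IT; the point of the example is that once the Modbus framing is decoded, the policy is a handful of lines.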
There we go... I hope that helps. I promise to try to get more of my brainwaves down here going forward.