Seclab Security
2026-04-03T10:14:40+02:00

Industrial and critical systems were never designed to be connected. Yet 70% of these systems* are connected today, making OT cybersecurity a critical priority in the face of escalating cyber threats.


Attacks are skyrocketing, security maturity is advancing slowly, and IT-first protection solutions create friction: massive false positives, operational disruptions, and misaligned language. Meanwhile, evolving cyber regulations are redefining the rules.


OT deserves protection that understands its constraints. Progressive. Non-disruptive. Immutable.

* Telstra/Omdia – 2025

Seclab Xcore Platform

Introducing our Next-Generation Cybersecurity Platform for
OT defense in depth

Discover, Isolate, Detect


USE CASES

Use Case PG&E

Network Isolation for PG&E, a major U.S. gas utility

Use Case Energy Xport

Securing Field Maintenance Operations with USB Isolation

Use Case Transport

Isolating Third-Party and Control Networks with Network Isolation

Connect with our Experts

Want to learn more about effectively securing
your OT and critical infrastructure perimeters,
or explore our solutions in detail?


SECLAB: Because we all have something vital to preserve!

For over a decade, SECLAB has delivered security to the heart of the world’s most critical organizations: nuclear energy, defense, rail, and space.

We’ve pioneered enterprise-grade security solutions specifically engineered to meet the unique operational demands of companies relying on critical infrastructure.

Discover our Areas of Expertise

Critical infrastructure operates in an evolving threat landscape. Discover the key industries we protect.


The products of the Xcore platform


Seclab Xplore – See-First Intelligence

Seclab Xplore provides non-intrusive visibility and detection of attacks or anomalies across your OT infrastructure. With its multiple role-specific views, IT and OT teams can finally collaborate on a shared mapping. Seclab Xplore supports both ad-hoc audits and continuous monitoring.

Learn more on Seclab Xplore


Seclab Xchange — Set-and-Forget Security

Seclab Xchange physically isolates critical OT assets from the rest of the network using patented Electronic AirGap technology. Seclab Xchange requires no maintenance operations or updates to maintain its security level.

Learn more on Seclab Xchange


Seclab Xport — Plug-and-Protect Technology

In OT environments, many assets are maintained via USB media, a common infection vector. Seclab Xport filters each file transfer before it reaches the target system. Simply plug it in, and the USB port is protected against physical attacks.

Learn more on Seclab Xport

Frequently Asked Questions

Which Sectors are Most Exposed to OT Cyberattacks?
2026-04-07T12:48:06+02:00

All sectors operating critical infrastructure or industrial systems face exposure, but certain sectors concentrate the majority of threats—either because they are strategically sensitive or because their cyber maturity levels remain low.

  1. Energy (Electricity, Oil & Gas, Nuclear)

Why? National critical infrastructure, high societal dependency, primary targets for state-sponsored attacks.
Major incidents: Ukraine (2015, 2016), Colonial Pipeline (2021), refinery attacks.
Specific Risks: Massive power outages, production sabotage, energy supply disruption.

  2. Water & Wastewater Utilities

Why? Legacy systems, limited budgets, direct public health impact, growing exposure (remote SCADA operations).
Major incidents: Attempted water contamination in Oldsmar, Florida (2021), multiple ransomware attacks.
Specific Risks: Water contamination, service disruption, environmental damage.

  3. Manufacturing (Automotive, Food & Beverage, Chemicals, Pharmaceuticals)

Why? Automated production lines, heavy legacy systems, economic pressure (critical uptime).
Major incidents: Norsk Hydro (2019), JBS Foods (2021), ransomware attacks on Jaguar Land Rover (2025).
Specific Risks: Production line shutdowns (massive financial impact), IP theft, quality sabotage.

  4. Transportation (Rail, Aviation, Maritime, Metro Systems)

Why? Highly connected signaling and control systems, passenger safety at stake.
Major incidents: Deutsche Bahn cyberattack (2023), compromised metro systems.
Specific Risks: Accidents, mobility paralysis, massive economic impact.

  5. Healthcare (Hospitals, Pharmaceutical Manufacturing)

Why? Connected medical devices (MRI, CT scanners, infusion pumps), building management systems.
Major incidents: Hospital ransomware attacks (patient redirects, canceled surgeries).
Specific Risks: Human life endangerment, critical drug production halts.

Cross-Sector Trend: The convergence of IT and OT is accelerating across all sectors. Today, 70% of OT systems are connected, and 22% of OT enterprises experienced a cyber incident in 2024. No sector is immune.

What is a PLC and What Are the Cyber Risks?
2026-04-01T17:29:02+02:00

A PLC (Programmable Logic Controller), also known as an industrial programmable controller or automated controller, is a hardened computer designed to control machines, production lines, or industrial processes in real-time. It is the brain of operations: it receives data from sensors, executes programmed control logic, and sends commands to actuators (motors, valves, conveyors, etc.).

Where Are PLCs Found? PLCs are everywhere in industry: automotive assembly lines, food & beverage packaging systems, power plants, water treatment facilities, refineries, machine tools, elevators, HVAC systems, and beyond.

PLC Characteristics:

  • Real-time: Sub-millisecond response, zero-latency tolerance
  • Harsh environments: Extreme temperatures, vibrations, dust exposure
  • Longevity: 15–30 year lifespan, often without software updates
  • Specialized protocols: Modbus, Profinet, EtherNet/IP, S7comm (Siemens), varies by manufacturer

Why Are PLCs Vulnerable?

  1. Designed Without Cybersecurity: No authentication, no encryption, firmware modifiable without control
  2. Unpatchable Legacy Systems: Updating them risks disrupting production; most companies accept the cyber risk to avoid operational disruption
  3. Growing Connectivity: Once air-gapped, PLCs are now increasingly connected to IT networks for supervisory control, remote maintenance, and Industrial IoT
  4. Publicly Documented Vulnerabilities: Protocols and known exploits are widely accessible to attackers

Concrete Cyber Risks:

  • Logic Manipulation: Attackers can rewrite PLC programs to alter machine behavior (e.g., Stuxnet)
  • Abrupt Shutdown: Forced shutdown commands, configuration destruction
  • Industrial Espionage: Theft of proprietary logic and production recipes/formulas
  • Physical Attacks: Malicious commands causing overheating, overpressure, or mechanical collision

How to Secure PLCs? When patching is impossible, compensate with strategy: strict network segmentation (Purdue Model), behavioral communication monitoring, legitimate command whitelisting, and restricted, audited access. Defense must be external and non-intrusive, never compromising real-time operations.
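To illustrate command whitelisting on one of the protocols named above, the following added example (not Seclab code) parses Modbus/TCP requests and flags any function code outside an allowlist. The read-only policy, the function names `parse_modbus_tcp` and `check_frame`, and the sample frames are assumptions constructed for this illustration; a passive monitor would apply the check to mirrored traffic rather than inline.

```python
import struct

# Assumed policy for this example: the monitored PLC is read-only from the network.
ALLOWED_FUNCTION_CODES = {0x01, 0x02, 0x03, 0x04}

FUNCTION_NAMES = {
    0x01: "Read Coils", 0x02: "Read Discrete Inputs",
    0x03: "Read Holding Registers", 0x04: "Read Input Registers",
    0x05: "Write Single Coil", 0x06: "Write Single Register",
    0x0F: "Write Multiple Coils", 0x10: "Write Multiple Registers",
}

def parse_modbus_tcp(frame: bytes) -> dict:
    """Parse the 7-byte MBAP header and the function code of one request."""
    if len(frame) < 8:
        raise ValueError("shorter than MBAP header plus function code")
    transaction_id, protocol_id, length, unit_id = struct.unpack(">HHHB", frame[:7])
    if protocol_id != 0:
        raise ValueError("protocol identifier is not 0 (Modbus)")
    # The length field counts every byte after itself: unit id + PDU.
    if length != len(frame) - 6:
        raise ValueError("length field does not match frame size")
    return {"transaction_id": transaction_id, "unit_id": unit_id,
            "function_code": frame[7], "data": frame[8:]}

def check_frame(frame: bytes, allowed=ALLOWED_FUNCTION_CODES):
    """Return ("allow" | "alert", reason) for one captured request."""
    try:
        request = parse_modbus_tcp(frame)
    except ValueError as exc:
        return "alert", f"malformed frame: {exc}"
    code = request["function_code"]
    label = f"function 0x{code:02X} ({FUNCTION_NAMES.get(code, 'unknown')})"
    if code not in allowed:
        return "alert", f"{label} not in allowlist"
    return "allow", label

# Constructed sample requests (not captured from a real system).
READ_REGISTERS = bytes.fromhex("00010000000601030000000a")  # read 10 registers
WRITE_REGISTER = bytes.fromhex("0002000000060106000100ff")  # write one register
TRUNCATED = bytes.fromhex("00030000000601030000")           # length field lies

if __name__ == "__main__":
    for sample in (READ_REGISTERS, WRITE_REGISTER, TRUNCATED):
        print(sample.hex(), "->", check_frame(sample))
```

Malformed frames are alerted on rather than dropped silently, since a length mismatch on an OT network is itself an anomaly worth investigating.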

What is a SCADA System and What Are the Cyber Risks?
2026-04-01T17:39:28+02:00

A SCADA system (Supervisory Control and Data Acquisition) is a centralized supervisory platform that monitors and controls geographically distributed industrial infrastructure. It is found in electrical grids, pipelines, wastewater treatment plants, water distribution networks, transportation systems, and power generation facilities.

SCADA System Components:

  • SCADA Servers: Data collection and processing
  • HMI (Human-Machine Interfaces): Visualization and operator command interface
  • RTU (Remote Terminal Units) and PLCs: Field equipment that transmit data and execute commands
  • Historians: Real-time databases
  • Communication Networks: Industrial protocols (Modbus, DNP3, OPC, etc.)

Why Are SCADA Systems Prime Attack Targets?

  1. Growing Exposure: 44% of OT devices are exposed on the internet—often without adequate protection.
  2. Legacy & Unpatched Vulnerabilities: Systems designed 20–30 years ago, never updated, running unencrypted protocols.
  3. Maximum Impact: Compromising a SCADA system grants control over entire critical infrastructure assets.
  4. Operator Blindness: SCADA systems concentrate all operational visibility—compromising them leaves operators unable to see what’s happening.

Concrete Cyber Risks:

  • Sabotage: Modification of critical parameters (pressure, temperature, flow rates) causing physical damage or equipment failure
  • Production Shutdown: Malicious commands halting operations and blocking exploitation
  • Sensitive Data Theft: Theft of industrial blueprints, proprietary processes, and operational data
  • Lateral Movement: SCADA as a pivot point to compromise other OT or IT systems

How to Protect a SCADA System? Strict network segmentation, passive behavioral monitoring, hardened access controls, anomaly detection on industrial protocols, and most importantly, an approach that never disrupts 24/7 availability.

What is the NIS2 Directive and What Are the OT Obligations?
2026-04-01T17:44:45+02:00

The NIS2 Directive (Network and Information Security Directive 2) is the new European cybersecurity framework that entered into force in January 2023, with mandatory transposition into Member States' national law. It replaces and strengthens the NIS1 Directive, significantly expanding its scope, notably to OT infrastructure and supply chains.

Who Is Affected? NIS2 applies to essential entities and important entities across 18 sectors, including:

  • Energy (electricity, oil & gas, hydrogen)
  • Transport (aviation, rail, maritime, road)
  • Healthcare
  • Drinking Water & Wastewater
  • Digital Infrastructure
  • Food & Agriculture
  • Manufacturing (chemicals, medical devices, electronics, etc.)

Specific OT Obligations:

  • Risk Assessment: Explicitly cover OT systems and Cyber-Physical Systems (CPS)
  • State-of-the-Art Cybersecurity Measures: Asset management, network segmentation, incident detection, business continuity plans
  • Supply Chain Management: Secure relationships with suppliers and subcontractors with access to critical systems
  • Incident Notification: 24-hour early warning notification, followed by detailed reports within 72 hours and comprehensive assessments within 1 month
  • Governance: Executive leadership involvement, management training, and direct board-level supervision

Penalties: Up to €10 million or 2% of global annual turnover for essential entities.

Real Impact for OT: NIS2 mandates measurable cyber maturity across industrial environments. It aligns with standards like IEC 62443 and requires treating OT with the same rigor as IT—while respecting OT’s unique operational constraints.

What is OT Cybersecurity (or Industrial Cybersecurity)?
2026-04-01T17:46:51+02:00

OT Cybersecurity (Operational Technology), also called industrial cybersecurity, is the protection of systems that control and supervise physical infrastructure and industrial processes. Unlike IT cybersecurity, which protects data and information systems, OT cybersecurity protects the equipment that keeps your factories running, your electrical grids operational, your water treatment stations functioning, and your production lines moving.

These Systems Include:

  • SCADA (Supervisory Control and Data Acquisition): Centralized supervisory platforms
  • PLC/Programmable Logic Controllers: Controllers that operate machines
  • DCS (Distributed Control Systems): Distributed control systems
  • HMI (Human-Machine Interface): Operator interface systems
  • SIS (Safety Instrumented Systems): Safety systems
  • RTU, Historians, Industrial Protocols (Modbus, Profinet, OPC UA, DNP3)

Why is OT Cybersecurity Critical? Because a cyberattack on OT doesn’t just steal data—it can halt production, damage equipment, endanger human lives, and cost millions in downtime. 40% of OT cybersecurity incidents result in operational shutdown.

With 70% of OT systems now connected to IT networks and the internet, the attack surface is exploding—yet these infrastructures were never designed for exposure. OT cybersecurity has become a strategic priority for all critical and industrial infrastructure operators.

What is the Difference Between IT Cybersecurity and OT Cybersecurity?
2026-04-07T12:49:10+02:00

IT and OT cybersecurity protect two fundamentally different worlds, with distinct objectives and constraints. Here are the core differences:

| Criteria | IT Cybersecurity | OT Cybersecurity |
| --- | --- | --- |
| Priority | Data confidentiality, availability, integrity, and auditability | Availability, operational safety, and operational continuity |
| Environment | Servers, workstations, on-premise or cloud applications | SCADA, PLCs, sensors, actuators |
| Lifecycle | 3–5 years, regular updates | 15–30 years, unpatchable legacy systems |
| Fault Tolerance | Restarts are acceptable | Zero interruption: physical safety at stake |
| Expertise | IT teams, traditional SOCs | Automation engineers, process engineers, OT specialists |

Why Is This Distinction Critical? Applying IT security tools to OT can cause production shutdowns, generate massive false positives (53% of OT alerts), and remain incomprehensible to field teams. An IT firewall can block a critical command to a PLC. An active network scan can crash a 20-year-old controller.

The IT/OT convergence demands a new approach: solutions engineered natively for OT, non-intrusive, that speak the language of automation engineers and respect 24/7 availability constraints.

What is the IEC 62443 Standard and Why is it Important?
2026-04-07T12:49:44+02:00

The IEC 62443 standard is the international cybersecurity framework for industrial systems (IACS — Industrial Automation and Control Systems). Developed by the International Society of Automation (ISA) and later standardized by the IEC, it provides a comprehensive framework to secure OT throughout its entire lifecycle — from design to operation.

Structure of the standard:

  • Part 1: General concepts and models (zones, conduits, Defense in Depth)
  • Part 2: Requirements for operators and integrators (policies, procedures, risk management)
  • Part 3: Technical requirements for systems (hardening, monitoring, incident response)
  • Part 4: Requirements for component and product manufacturers (secure development)

Security Levels (SL): IEC 62443 defines 4 security levels (SL 1 to SL 4), corresponding to different attacker profiles — from script kiddies to advanced state-sponsored threats. Each organization must assess its target level based on its business risks.

Why has IEC 62443 become essential?

  • Regulatory reference: cited by NIS2, the CER Directive, and mandated across multiple sectors (energy, nuclear, defense)
  • Common language: facilitates communication among operators, integrators, manufacturers, and auditors
  • Pragmatic approach: acknowledges OT constraints (legacy systems, availability) and proposes a progressive, zone-based implementation

Complying with IEC 62443 means structuring your OT cybersecurity industrially — not with IT “band-aids,” but with a defensible, auditable, and resilient architecture.
