Operational Technology (OT) Security
What is Operational Technology (OT) Security?
Operational Technology (OT) security is the practice of protecting the hardware and software systems that monitor and control physical processes and infrastructure — including industrial control systems (ICS), SCADA (Supervisory Control and Data Acquisition) systems, distributed control systems (DCS), programmable logic controllers (PLCs), and the networks that interconnect them. OT systems underpin critical infrastructure sectors: energy, manufacturing, water treatment, transportation, healthcare, and utilities. Unlike IT systems, OT security failures can have direct physical consequences — halting production, triggering industrial accidents, disrupting utilities, or endangering human safety.
Description
The convergence of IT and OT networks — driven by industrial IoT (IIoT), cloud connectivity, and remote monitoring requirements — has dramatically expanded the OT attack surface. Systems that were once air-gapped from the internet are now connected through enterprise networks, vendor remote access channels, and cloud management platforms. Forescout's 2025 research identified a record 2,155 ICS vulnerabilities across 508 advisories — the highest volume since tracking began — with fewer than 10% of OT networks globally having any network monitoring in place. In 2024, there was a 49% increase in attacks by state-aligned adversaries on energy, transport, and water sectors. Ransomware groups are increasingly affecting industrial organizations: Dragos tracked 119 ransomware groups affecting over 3,300 industrial organizations in 2025 — nearly double the 2024 figure. The security challenges unique to OT include legacy systems designed decades before cybersecurity was a concern; uptime requirements that make patching extremely disruptive; proprietary protocols not supported by standard IT security tools; safety systems that must not be disrupted even by security controls; and the physical consequences of availability failures that have no equivalent in enterprise IT. Network segmentation between IT and OT networks remains one of the most effective OT security controls, limiting lateral movement from a compromised IT environment into operational systems.
Usage and Examples
In 2021, an attacker gained access to the water treatment system in Oldsmar, Florida through a remote access tool and briefly increased sodium hydroxide levels to potentially dangerous concentrations. The attack was caught by a human operator watching the screen — not by automated security monitoring. In 2022, the Industroyer2 malware was deployed against Ukrainian energy infrastructure, designed to directly interact with power grid protocols to cause outages. These incidents illustrate OT security's core challenge: the consequences of a successful attack extend far beyond data theft to physical infrastructure damage and public safety. Effective OT security programs include asset inventory of all OT devices, network visibility through OT-aware passive monitoring tools, strict network segmentation with controlled IT/OT interconnects, incident response plans with OT-specific playbooks, and regular security assessments of OT environments.
How Does This Relate to Penetration Testing?
OT security assessments require specialized expertise — understanding of industrial protocols (Modbus, DNP3, OPC-UA), the safety implications of active testing in operational environments, and threat models specific to industrial adversary groups tracked by MITRE ATT&CK for ICS. Evolve Security's Embedded Systems security testing service addresses the firmware and hardware security of embedded controllers and IoT devices that increasingly appear in OT environments. Advisory engagements support organizations developing OT security programs, conducting risk assessments aligned to IEC 62443 and NIST SP 800-82, and building the monitoring and incident response capabilities that OT environments critically lack. Together, these services cover OT security programs from device-level firmware assessment to enterprise OT/IT convergence risk management.
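The "OT-aware passive monitoring" described under Usage and Examples and the industrial protocols named above can be illustrated with a small Modbus/TCP monitor. The code below is an added example, not Evolve Security's tooling: it parses captured Modbus/TCP requests and alerts on write operations from hosts outside a constructed allow-list of engineering stations; all IP addresses, register numbers and sample frames are constructed for the example.

```python
# Added example (not from the original page): a minimal passive Modbus/TCP
# monitor in the style of an OT-aware network monitoring tool. Host addresses,
# the allow-list, register numbers and the sample frames are constructed.
import struct
from typing import Optional

# Function codes that change process state (writes), from the Modbus spec.
WRITE_FUNCTIONS = {0x05: "Write Single Coil", 0x06: "Write Single Register",
                   0x0F: "Write Multiple Coils", 0x10: "Write Multiple Registers"}

# Constructed allow-list: only the engineering workstation may issue writes.
AUTHORISED_WRITERS = {"10.1.10.5"}

def parse_modbus_tcp(frame: bytes) -> dict:
    # Modbus/TCP request = 7-byte MBAP header (tid, proto, length, unit) + PDU.
    if len(frame) < 8:
        raise ValueError("frame too short for MBAP header plus function code")
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        raise ValueError("protocol identifier must be 0 for Modbus/TCP")
    if length != len(frame) - 6:  # length field counts unit id + PDU bytes
        raise ValueError("MBAP length field does not match frame size")
    req = {"tid": tid, "unit": unit, "function": frame[7], "address": None, "value": None}
    if req["function"] in WRITE_FUNCTIONS and len(frame) >= 12:
        # Single writes carry address+value; multi writes carry start address+quantity.
        req["address"], req["value"] = struct.unpack(">HH", frame[8:12])
    return req

def check_request(src_ip: str, frame: bytes) -> Optional[str]:
    # Return an alert line for a write from an unauthorised host, else None.
    req = parse_modbus_tcp(frame)
    if req["function"] in WRITE_FUNCTIONS and src_ip not in AUTHORISED_WRITERS:
        return (f"ALERT unit={req['unit']} {WRITE_FUNCTIONS[req['function']]} "
                f"addr={req['address']} value={req['value']} src={src_ip}")
    return None

# Constructed sample traffic: (source IP, raw Modbus/TCP request bytes).
SAMPLE_TRAFFIC = [
    # HMI polling: Read Holding Registers (0x03), addr 0, qty 10 -> benign read
    ("10.1.10.20", bytes.fromhex("0001 0000 0006 01 03 0000 000A".replace(" ", ""))),
    # Engineering station: Write Single Register (0x06) addr 40, value 500 -> authorised
    ("10.1.10.5",  bytes.fromhex("0002 0000 0006 01 06 0028 01F4".replace(" ", ""))),
    # Remote-access host: Write Single Register (0x06) addr 40, value 11100 -> alert
    ("192.0.2.77", bytes.fromhex("0003 0000 0006 01 06 0028 2B5C".replace(" ", ""))),
]

def scan(traffic=SAMPLE_TRAFFIC) -> list:
    # Run the check over captured traffic and return the alerts raised.
    return [a for src, frame in traffic if (a := check_request(src, frame))]
```

In a real deployment the frames would come from a network tap or SPAN port on the OT segment and the alerts would feed the OT incident response playbook; the parser ignores Modbus responses and non-write functions by design.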

