The attack situation in the OT world is changing. Threats against operational technology (OT) are increasing, not least due to geopolitical developments, while the potential damage caused by successful OT attacks is rising.
The networking of production facilities leads to new problems, as OT systems are increasingly coming under the scrutiny of cyber actors. These systems can be of particular relevance in geopolitical conflicts, as attacks on industrial control systems such as SCADA and ICS can cause major economic damage with little effort.
Time and again, OT systems are at the centre of security problems; at present it is photovoltaic systems. These consist not only of solar modules, but also of inverters for converting the voltage and of control systems. In addition, there is usually a cloud instance in which data is collected and analysed. Systems of this type are used not only by homeowners, but also in industry and in solar parks. However, most systems use Chinese technology as well as Chinese clouds.
Researchers from Forescout, a provider specialising in OT security, have now identified several security deficits in the systems examined. Among other things, they found inadequate authentication procedures for cloud access, apps and control APIs with security flaws, the possibility of infiltrating malware into the systems, and data leaks. The consequences can be devastating. The German Federal Office for Information Security (BSI) is particularly critical of manufacturer clouds. It even fears that the central government in Beijing could gain direct access to a system-relevant part of the German power supply via the internet-enabled devices. The complete takeover of affected devices and their use in botnets in order to launch further attacks cannot be ruled out either.
Threat to the economy and national security
Two further studies recently highlighted the potential risk for OT systems. According to these studies, industrial systems often remain unpatched for too long. 85 per cent of companies do not regularly patch OT systems, according to a global study by OT specialist TxOne cited by the US magazine Security Week. At the same time, attacks continued to increase last year. According to another study by Forescout, 79 per cent of attacks in the OT sector now focus on these systems.
The studies indicate that measures to improve OT security in industry are only taking effect rather slowly. This is despite the fact that the social impact of OT incidents can be far more severe than that of IT incidents. According to an expert survey conducted by the US magazine Security Week to assess current developments in the OT sector, there is not only a risk of damage to individuals or the economy, but also a threat to national security. The latter is exacerbated by the changing geopolitical situation and the many international conflicts. In addition, the USA, a major cyber nation, is currently pursuing new priorities that are by no means free of pitfalls.
Against this backdrop, the interest of state cyber attackers in operational technology is growing by leaps and bounds. Experts assume that autocratic nation states will increasingly target critical infrastructures in the future in order to disrupt them by attacking SCADA and ICS devices.
Meanwhile, experts are carefully monitoring developments in the Ukraine conflict and have identified certain trends. According to them, cyber attacks at the beginning of the conflict focussed on capturing data, but soon moved on to hijacking or infiltrating simple OT devices in order to gather information about production and control systems. Finally, attacks were carried out on OT systems in critical infrastructure. One example is the attacks on the Moscow sewage system in spring last year, in which 87,000 alarm sensors, which reported filling levels, for example, were deactivated. Shortly afterwards, state-controlled Russian cyber gangs began a campaign of physical sabotage throughout the EU. Besides critical infrastructure, the defence industry was also targeted.
Attacks on device types instead of individual systems
Experts repeatedly point to a lack of basic security hygiene in OT devices and warn of the consequences: "We are likely to see threat actors shift to attacks that rely less on sophisticated ICS malware and simply exploit the inbuilt capabilities of networked OT devices to cause cyber-physical disruption. This tactic will be coupled with ICS malware that is more generic and device agnostic, allowing attackers to target entire categories of devices such as PLCs and human-machine interfaces (HMIs) rather than just a specific device or manufacturer," according to one expert in the Security Week survey.
But there are also dangers from a completely different angle, for example if the manufacturer of security products used in the company is taken over by a dubious competitor in a problematic country. A similar problem could also arise due to geopolitical changes: "The trustworthy manufacturer you bought from during globalisation may no longer be considered trustworthy in the geopolitically changed age of protectionism and isolationism and shifting political spheres of influence," warns another expert in the survey.
The relevance of attacks on OT systems is increasing because the real costs of a conventional war are significantly higher than the costs of an OT attack, while at the same time the collateral damage is lower. "Geopolitics makes the world a scary place and geopolitics plus OT makes it a dangerous place," summarises one of the experts in the survey.
Author: Uwe Sievers