Contributed to this research: Adam Laurie and Sameer Koranne.

Given the accelerating rise in operational technology (OT) threats, this blog will address some of the most common threats IBM Security X-Force is observing against organizations with OT networks, including ransomware and vulnerability exploitation. IBM will also highlight several measures that can enhance security for OT networks based on insights gained from the X-Force Red penetration testing team and X-Force incident response’s experience assisting OT clients with security incidents. These include a focus on the data historian and on network architecture, such as domain controllers.

OT is hardware and software that controls industrial processes, such as heavy manufacturing equipment, robotics, oil pipeline or chemical flows, electric and water utilities, and the functionality of transportation vehicles.

Typically, OT networks are segregated from information technology (IT) networks at organizations that have both. Email, customer transactions, human resources databases and other IT are separated from technologies that control physical processes. Even so, typical threats against IT networks have the potential to affect OT networks, particularly if segmentation is not effective or engineers decide to shut down the OT network as a precaution after an attack on the IT network, such as ransomware.

Threats to OT networks are arguably more dangerous than threats to IT networks because of the physical outcomes that can result, such as passenger vehicle malfunctions, explosions, fires and potential loss of life. A cyberattack with these outcomes becomes, in effect, a physical weapon.