Many manufacturing plants rely on OT systems that stay in service for years. That long run can conceal critical cybersecurity risks.
17 Jun 2026

In a manufacturing plant built around uptime, a machine that has run the same physical process for years with barely a hiccup earns something less commonly discussed than a track record of throughput: institutional trust. Over time, such quiet reliability has a way of making a certain kind of scrutiny feel unnecessary, to the point that the equipment may become a security blind spot.
For a long time, there was a logic to ‘leaving well enough alone.’ Much of the operational technology (OT) in manufacturing was designed to keep the physical process stable, and once the production line worked, the sensible move was to keep the equipment in good shape so that it could continue to do its job.
Over the years, however, the ground beneath the machine has shifted, and the equipment least amenable to change now often needs the most security around it. Many manufacturing environments today face burning questions, including: who can touch the equipment from the network, how vulnerable are the systems that the machines depend on, and has the old bargain – don’t touch it if it works – become part of the risk?
Aging out?
Two or three decades ago, few in manufacturing lost sleep over internet-borne attacks. The threat either didn’t exist or was confined to a handful of nation-state targets. The fact that the industrial protocols had no security baked in didn’t matter much – the machines were isolated from IT and nothing untrusted could reach them. They simply worked, and there wasn’t a compelling reason to touch them.
Until there was. The ‘marriage’ of IT and OT, a hallmark of digitization and Industry 4.0, changed the equation as industrial control systems (ICS) were connected to networks that these systems were never designed for. Of course, connecting production systems to enterprise networks delivers tangible benefits, but the security implications – that systems once safe were suddenly not so – arrived more quietly. The various security shortcomings – including weak authentication, limited logging, insecure defaults, and update processes that may require costly downtime – suddenly became liabilities.
According to the SANS Institute, almost 60% of OT attacks across various industries are believed to stem from compromises in corporate IT environments. Furthermore, the institute’s recent survey found that 22% of organizations in critical industries reported a cybersecurity incident over the past year, with 40% of the events causing operational disruption and nearly 20% taking over a month to remediate.
The severity of the threat ultimately revealed itself with damaging cyberattacks, such as the one that hit Jaguar Land Rover in 2025 and is now considered the most damaging cyberattack in British history. Moreover, since supply chains run on tight schedules and little-to-no tolerance for error, halting a supplier with just-in-time delivery commitments spawns a full-blown production crisis that engulfs a long list of other companies.
The cost of touching a running line
Interrupting a running production line to upgrade infrastructure with no obvious operational problems is generally a tough sell. The assets are too deeply embedded in the physical process; indeed, they’re often trapped in what the world’s top cybersecurity agencies aptly call ‘self-established obsolescence.’
Meanwhile, ransomware gangs that started paying serious attention to manufacturing found an attack surface that had been expanding for years without corresponding security investments. Causing damage that affects an operational environment is also different from a pure IT breach. Ransomware operators, some of whom are developing dedicated OT capabilities, understand this math and calibrate their demands accordingly. Sometimes, infiltrating enterprise IT and letting the dependencies do the rest is enough.
To be sure, the business equation is shifting, albeit often from the outside in. Supplier contracts increasingly contain security-related provisions while cyber-insurers require proof of security controls, to the point that organizations that can’t show it have to swallow steep premiums or are left without coverage. Regulatory requirements are also tightening across a number of jurisdictions; for example, NIS2 imposes stricter cybersecurity requirements for Europe’s critical industries while the broad regulatory environment in the US also mandates specific actions that drive security maturity in critical industries.
Top cyberthreats up close
Few security vendors have been as close to threats facing critical infrastructure as ESET. Over the years, its threat research team has peered inside some of the most significant incidents on record – including BlackEnergy, which caused a 4–6 hour power outage for 230,000 people in Ukraine in 2015, its successor, GreyEnergy, and Industroyer, the highly customizable malware that speaks several industrial communication protocols used in critical infrastructure systems worldwide and caused a blackout in Kyiv in 2016. In 2022, ESET researchers also identified Industroyer2, which took aim at Ukraine’s energy infrastructure again. In addition, ESET’s analysis of NotPetya documented how an attack with no specific OT target can still devastate organizations running operational technology at scale, including manufacturers.
(Re)building security around your critical equipment
Naturally, you can’t protect what you can’t see, and accurate asset visibility remains the foundation of any self-respecting risk mitigation strategy. Start by mapping which systems in an environment are connected and have no security coverage, where IT and OT networks intersect, which segments are unmonitored, and which production systems have fallen outside any vendor support agreement. Given the complexity of cyber-physical systems, there clearly isn’t any one-size-fits-all approach to asset inventory and other tasks.
Actual deployment architecture also needs to be resolved early. Whether by design or due to customer contracts, regulatory obligations or other reasons, some manufacturing environments operate under air-gap requirements. Security platforms built primarily around cloud connectivity may not, therefore, fit the requirements or the budget.

Meanwhile, off-the-shelf security tools often don’t adequately meet the business requirements in legacy OT systems that run on older hardware and outdated operating system versions. The tools must be stable and unobtrusive enough to run on constrained systems without affecting production. Network security, for its part, earns its keep on equipment that can’t run any security agent at all, which in most manufacturing environments is by no means an edge case.
Long-term support addresses what the other layers can’t fully close. When an ICS vendor ends development on a platform version, updates eventually stop. The production systems running that version continue to operate for years, accumulating exposure to more threats. Support commitments that outlast the original vendor’s support window are the cybersecurity equivalent of signing a long-term parts agreement for a vehicle discontinued years ago. The machine stays ‘roadworthy.’
Built to run for years
Manufacturing has a long history of engineering its way out of crises. It’s also learned a number of hard lessons, including that ignoring a known problem tends to shift – and sometimes multiply – the cost attached to it. The cyberthreat to OT infrastructure is now well-documented, and the tools to address it exist. In this industry, this ought to be enough to get things moving – and, ultimately, build cyber-resilience into the industry’s operations.


