Risks and Security Imperatives for Industrial Control Systems and Critical Infrastructure Data
Industrial control systems (ICS) and critical infrastructure organizations are facing an escalating threat landscape due to the convergence of operational technology (OT) and information technology (IT), which has eroded traditional security boundaries. As ICS environments become increasingly interconnected with corporate IT networks, they are exposed to a broader array of sophisticated cyber threats, including those from nation-state actors. The consequences of a successful cyberattack on ICS can be severe, ranging from equipment failure and production halts to environmental disasters and threats to human safety. The Colonial Pipeline incident, which resulted from a single compromised password, demonstrated how a digital breach can disrupt physical operations and supply chains, affecting millions of people. In addition to direct attacks on ICS, critical infrastructure organizations must contend with the proliferation of unmonitored data across collaboration platforms such as SharePoint, Google Drive, Exchange, Gmail, Teams, Slack, and Box. This 'back-office clutter' creates a vast, largely ungoverned attack surface that is increasingly targeted by sophisticated adversaries. Sensitive documents, including CAD files, PDFs, and chat transcripts, are often left unclassified and unmonitored, making them attractive targets for cybercriminals. Security leaders have traditionally focused on patching and segmenting OT systems, but the rapid growth of data sprawl in enterprise collaboration tools now demands equal attention. The ease of spinning up new sites and channels for business operations has led to petabytes of data scattered across thousands of locations, often without adequate oversight. This situation is exacerbated by the fact that attackers can exploit these unmonitored environments to gain access to critical systems or sensitive information. The need for robust ICS cybersecurity is now a top priority, as the risks extend far beyond data loss to include operational disruption and public safety hazards. Organizations are urged to implement comprehensive monitoring, classification, and governance of both OT and IT environments to mitigate these risks. The evolving threat landscape requires a shift from traditional, static security measures to dynamic, intelligence-driven approaches that can adapt to new attack vectors. Failure to address these challenges could result in significant operational, financial, and reputational damage for industrial organizations. The integration of continuous monitoring and incident response capabilities is essential to detect and respond to threats in real time. As cyber threats continue to evolve, the security of ICS and the management of enterprise data sprawl must remain at the forefront of critical infrastructure protection strategies. The lessons from past incidents underscore the urgent need for a holistic approach to cybersecurity that encompasses both the physical and digital assets of industrial organizations.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
4 events from the most recent confirmed update back to the earliest known activity.
Industry commentary urges ICS cybersecurity as a top industrial priority
A 2025 industry article warned that IT/OT convergence, legacy systems, and increasing attacks on manufacturing and critical infrastructure have made ICS cybersecurity a top business priority. It recommended defense-in-depth measures including asset visibility, segmentation, continuous monitoring, strict access controls, and incident response planning.
Industry commentary warns of critical infrastructure 'back-office' data risk
A 2025 analysis argued that critical infrastructure defenders are under-monitoring collaboration and file-sharing platforms such as SharePoint, Teams, Slack, Google Drive, Exchange/Gmail, Box, and file shares. It described data sprawl, oversharing, exposed OT/SCADA artifacts, embedded secrets, and bulk exfiltration risk as a frontline security issue for critical infrastructure operators.
Volt Typhoon campaign highlights abuse of enterprise tools
The China-linked Volt Typhoon campaign was cited as an example of a nation-state actor leveraging common enterprise and collaboration tools for reconnaissance and living-off-the-land activity against critical infrastructure targets. The campaign underscored that attackers may exploit back-office IT environments rather than only OT/ICS systems directly.
Colonial Pipeline ransomware attack disrupts fuel operations
In 2021, the Colonial Pipeline incident demonstrated how cyberattacks on industrial and critical infrastructure environments can cause major operational disruption and public impact. The event is cited as a prominent example of the real-world consequences of weak ICS/OT cybersecurity.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
2 references tracked. Mallory keeps watching after this page renders.
See the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Security Risks and Best Practices for Industrial and Energy OT Systems
Operational technology (OT) environments, including industrial control systems (ICS) and energy infrastructure such as solar farms, are increasingly exposed to cyber threats due to expanded connectivity and legacy protocols. Attackers are exploiting insecure-by-design protocols like Modbus, which are commonly used in solar panel systems and other industrial assets, to remotely manipulate devices and disrupt operations. Research highlights that with open ports and free tools, threat actors can quickly identify and control exposed OT assets, such as string monitoring boxes in solar farms, leading to rapid and large-scale power disruptions. The use of AI-driven automation further accelerates reconnaissance and exploitation, outpacing traditional human monitoring and response capabilities. To mitigate these risks, security experts recommend a combination of pragmatic, low-disruption controls tailored for operations teams. These include segmenting networks, enforcing robust access controls, and integrating OT telemetry into observability stacks to improve visibility and resilience. Maintaining high data hygiene in IIoT environments is also critical, as clean and reliable telemetry reduces false positives, supports accurate predictive models, and enables faster root cause analysis. Securing programmable logic controllers (PLCs) and other critical OT components is essential not only for data protection but also for ensuring physical safety and operational continuity, as compromised devices can lead to equipment damage or safety hazards.
Mar 21, 2026
Expanding Cyber Risk Across Connected Assets and Supply Chains
Organizations are facing a rapidly evolving cyber risk landscape as the boundaries between IT, operational technology (OT), Internet of Things (IoT), and supply chain systems blur. The proliferation of connected devices, such as cameras, badge readers, HVAC systems, and factory controllers, has significantly increased the attack surface for enterprises. Business demands have driven the integration of IT, OT, and IoT, enabling telemetry to inform analytics and automation, but also concentrating dependencies on critical control planes like cloud consoles and APIs. This interconnectedness means that a single compromised identity provider, software updater, or remote management tool can serve as a single point of failure, potentially impacting thousands of endpoints and critical business processes. Security leaders emphasize the importance of maintaining a living inventory of assets, applying least privilege principles, and segmenting networks by function and criticality to mitigate these risks. Unknown or unmanaged devices should be treated as unsafe until proven otherwise, and where devices lack robust security features, organizations are advised to broker connections through secure gateways. The challenge is compounded by resource constraints and the long lifecycles of many IoT and OT devices, which often cannot be easily updated or replaced. The expansion of cyber risk also extends to the supply chain, where third-party vendors, contractors, and service providers can become entry points for attackers. Recent high-profile breaches have demonstrated that adversaries exploit trusted relationships to infiltrate organizations, with the fallout often affecting the victim company regardless of where the breach originated. This complexity is frequently invisible to the public and regulators, leading to reputational damage and loss of narrative control for affected organizations. Effective cyber readiness now requires extensive preparation, including scenario exercises, communication planning, and training to operate under pressure. The shift from endpoint-centric to control plane-centric risk management reflects the need to address the realities of modern, interconnected business environments. Organizations must adopt an "assume breach" mindset and focus on resilience and recovery planning, not just prevention. The evolving threat landscape demands that security strategies account for the full spectrum of connected assets and the intricate web of dependencies that define today's enterprises. As the definition of cyber risk continues to expand, so too must the approaches to visibility, segmentation, and incident response. Ultimately, the ability to manage and recover from cyber incidents hinges on preparation, visibility, and the recognition that every connected asset and relationship represents a potential risk vector.
Mar 21, 2026
OT and Smart Factory Cybersecurity Risk in Industrial Environments
Industrial and manufacturing organizations continue to face significant **operational technology (OT)** security risk as connected control systems, IoT devices, and legacy infrastructure expand the attack surface. A Siemens Energy report cited by *TechRepublic*, based on Ponemon Institute survey data, found that **77%** of respondents said an OT security compromise in the past 12 months led to loss of confidential information or operational disruption, while **52%** said a successful exploit against their industrial control systems is likely within the next year. Respondents also estimated that **41%** of OT attacks go undetected, with many organizations taking more than a month to detect incidents and an average of seven months to recover. The broader picture is that smart factories are still struggling with basic cyber resilience as modernization outpaces security controls. In an interview with *Help Net Security*, Packsize CSO Troy Rydman said unmanaged **IoT** devices, outdated legacy systems, and human-targeted attacks such as phishing and social engineering remain major weaknesses in factory environments. He also highlighted the persistent tradeoff between production uptime and security requirements, underscoring that industrial operators are still balancing business continuity with the need to reduce exposure across connected devices and older operational systems.
Apr 2, 2026