By Dustin Guttadauro, Product Line Manager - Telecom & Fiber, Infinite Electronics
Key Takeaways

• Industrial automation environments face cybersecurity risks that are structurally different from IT risks — availability and safety constraints limit the controls you can apply, and the consequences of a breach go beyond data loss.
• The top risks are not exotic: flat networks, default credentials, unmanaged remote access, unpatched legacy equipment, and IT/OT convergence without proper segmentation account for most real-world incidents.
• Ransomware targeting OT environments has increased sharply — attackers have learned that disrupting production is more financially coercive than stealing data from a manufacturing company.
• Physical connectivity hardware — industrial gateways, ruggedized sensors, properly segmented network infrastructure — is where most of these risks are either introduced or mitigated at the hardware layer.
• A structured risk assessment against the top ten risks in this article is a practical starting point for any OT security improvement program.
Industrial automation systems were not designed to be secure. They were designed to be reliable, deterministic, and available — running the same control loops for 20 years without interruption. Security was an afterthought because these systems were air-gapped, physically isolated, and accessed only by trained personnel with physical access.
That world no longer exists. OT/IT convergence, remote monitoring, cloud-connected SCADA, and supply chain integration have connected industrial automation systems to networks they were never designed to face. The security debt is real, the attack surface is growing, and the consequences of a breach in an industrial environment are categorically different from a corporate IT breach.
Industrial Automation Cybersecurity Risk Overview
| Risk | Primary OT Consequence | Root Cause | Primary Mitigation |
|---|---|---|---|
| Flat OT networks | Full lateral movement after initial compromise | Legacy architecture; IT/OT convergence without redesign | Zone segmentation; industrial firewalls |
| Default / shared credentials | Unauthorized device access; no audit trail | No credential management process at deployment | Credential rotation; PAM system |
| Unmanaged remote access | Persistent attacker access; supply chain pivot | Operational convenience is prioritized over security | MFA; session recording; JIT access |
| Unpatched legacy OT devices | Known exploits applied to production systems | Patch risk in OT; long equipment lifecycles | Compensating controls; virtual patching |
| Ransomware targeting OT | Production stoppage; safety system disruption | OT/IT network connectivity; phishing entry points | Segmentation; offline backups; IR plan |
| Engineering workstation compromise | Logic modification; malware pivot to control systems | Internet-connected workstations; weak access control | Workstation hardening and application allowlisting |
| Supply chain / vendor access | Trusted-access exploitation; persistent backdoors | Unmonitored third-party remote sessions | Vendor access controls; session monitoring |
| Safety system targeting | Physical process disruption; potential safety incident | SIS on the same network as process control | SIS isolation; data diodes; air gaps |
| Insecure OT wireless | Unauthenticated device injection; traffic interception | Consumer-grade or misconfigured wireless hardware | Industrial wireless gateways; WPA3; RF monitoring |
| Insufficient OT visibility | Undetected attacker dwell time; no incident response baseline | No asset inventory; no network monitoring | Passive OT monitoring; asset discovery |
Risk 1: Flat OT Networks With No Segmentation
A flat OT network — one with no internal zone boundaries — is the single most exploited structural weakness in industrial automation. Once an attacker gains a foothold anywhere on the network, they can reach everything: PLCs, SCADA servers, HMIs, historian databases, and safety systems. There's no boundary to slow them down.
This architecture is common because it's how OT networks were originally built. When the only people on the network were plant engineers accessing control systems, there was no adversarial traffic to contain. That assumption broke down as these networks became connected to IT systems, vendor remote access, and the internet. The 2021 Colonial Pipeline attack is the most cited example of what flat network architecture costs. Attackers compromised the IT network, and because IT and OT were insufficiently segmented, the company shut down OT operations preemptively to prevent the ransomware from spreading. The segmentation failure wasn't in OT — it was at the IT/OT boundary.
Mitigation:
• Deploy industrial firewalls at the IT/OT boundary and between internal OT zones — see our companion post on industrial firewall deployment best practices
• Implement a DMZ between IT and OT networks; historian servers and data transfer systems belong in the DMZ, not directly on either side
• Use VLAN segmentation on managed industrial switches to isolate device classes that don't need to communicate directly
Industrial wireless gateways with built-in firewall capability enforce segmentation at the OT boundary without requiring a separate appliance.
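To make the zone model concrete, here is a small Python policy checker added for this article (it is not code from the article or from L-com). It assumes four zones with constructed subnets (IT, DMZ, OT, SIS), an allow-list of permitted zone-to-zone flows in which IT only ever reaches the historian in the DMZ, and a hard rule that nothing initiates a connection into the SIS zone. The addresses, ports and sample flows are all constructed; the point is that a flat network is the policy with every flow allow-listed, and this is what the firewall rule set should look like instead.

```python
"""Zone-based flow policy check for a segmented OT network (added example)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

# Constructed zone model: each zone is a list of subnets (hypothetical addresses).
ZONES = {
    "IT":  [ip_network("10.1.0.0/16")],
    "DMZ": [ip_network("10.2.0.0/24")],
    "OT":  [ip_network("192.168.10.0/24")],
    "SIS": [ip_network("192.168.99.0/24")],
}

# Allow-list of (source zone, destination zone, destination TCP port).
# Anything not listed is denied. IT reaches the historian in the DMZ, the OT
# collector pushes into the DMZ, and Modbus/TCP stays inside OT; IT never
# talks to OT directly.
ALLOWED_FLOWS = {
    ("IT", "DMZ", 443),    # IT clients query the DMZ historian over HTTPS
    ("OT", "DMZ", 5432),   # OT historian collector replicates to the DMZ database
    ("OT", "OT", 502),     # HMI/SCADA to PLC over Modbus/TCP
    ("OT", "OT", 44818),   # HMI/SCADA to PLC over EtherNet/IP
}

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dst_port: int

def zone_of(addr: str) -> Optional[str]:
    """Return the zone whose subnet contains addr, or None if it is unzoned."""
    ip = ip_address(addr)
    for zone, nets in ZONES.items():
        if any(ip in net for net in nets):
            return zone
    return None

def evaluate(flow: Flow) -> Tuple[bool, str]:
    """Decide whether a flow is permitted and say why."""
    src_zone, dst_zone = zone_of(flow.src), zone_of(flow.dst)
    if src_zone is None or dst_zone is None:
        return False, "unzoned address (not in the asset inventory)"
    # Hard rule, independent of the allow-list: nothing initiates into SIS.
    if dst_zone == "SIS":
        return False, "inbound to SIS is never permitted (diode / air-gap boundary)"
    key = (src_zone, dst_zone, flow.dst_port)
    if key in ALLOWED_FLOWS:
        return True, f"{src_zone}->{dst_zone}:{flow.dst_port} is allow-listed"
    return False, f"{src_zone}->{dst_zone}:{flow.dst_port} is not allow-listed"

def violations(flows: List[Flow]) -> List[Flow]:
    """Return the subset of flows that the zone policy denies."""
    return [f for f in flows if not evaluate(f)[0]]

if __name__ == "__main__":
    # Constructed sample: the third flow is exactly what a flat network permits.
    sample = [
        Flow("10.1.5.20", "10.2.0.10", 443),         # IT workstation -> DMZ historian
        Flow("192.168.10.5", "192.168.10.40", 502),  # HMI -> PLC
        Flow("10.1.5.20", "192.168.10.40", 502),     # IT workstation -> PLC directly
        Flow("192.168.10.5", "192.168.99.2", 502),   # OT host -> SIS controller
    ]
    for f in sample:
        ok, why = evaluate(f)
        print(f"{'ALLOW' if ok else 'DENY '} {f.src} -> {f.dst}:{f.dst_port}  ({why})")
```

Run against a flow export from the firewall or from passive monitoring, `violations()` lists exactly the paths that still need a rule or a redesign; the SIS check is deliberately not part of the allow-list so that nobody can "fix" a blocked SIS flow by adding a line.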
Risk 2: Default and Shared Credentials on OT Devices
Most industrial control system devices ship with default credentials. Username: admin. Password: admin. Or the vendor's standard default, which is publicly documented in every product manual available online. These credentials are set at the factory and, in a large percentage of deployed systems, never changed.
In an isolated OT network, default credentials were a nuisance, not a crisis. On a network connected to anything else, they're an open door. An attacker with network access to a PLC using default credentials has full control of that device, and they don't need to do anything sophisticated to get it.
Shared credentials compound the problem. When multiple technicians share a single login, there's no audit trail. You can't tell who made a configuration change, when, or from where. In a post-incident investigation, shared credentials are why you can't answer basic questions about what happened.
Mitigation:
• Conduct a credential audit across all OT devices — document what the current credentials are, which are still defaults, and which are shared
• Deploy a Privileged Access Management (PAM) system for OT credentials; CyberArk and Delinea both have OT-aware implementations
• Where devices can't support unique credentials (some legacy PLCs), compensating controls — network access restrictions, port-level security on managed switches — limit who can reach the device
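The credential audit above is easy to script once the inventory exists. The Python below is an added example (not code from the article or from L-com); it assumes a constructed inventory in which each device account is recorded with a SHA-256 fingerprint of its password rather than the plaintext, the list of people who use the account, and the last rotation date. It reports the four problems the text describes: factory defaults still in place, accounts shared by several people (no audit trail), the same password reused across devices, and stale rotation. The only real default it tests for is the admin/admin pair the article cites; the second entry is a labelled placeholder.

```python
"""Credential audit over an OT device inventory (added example)."""
import hashlib
from datetime import date
from typing import Dict, List, NamedTuple

def fingerprint(password: str) -> str:
    """SHA-256 of the password so the audit record never carries plaintext.
    The audit file is still sensitive and must be protected accordingly."""
    return hashlib.sha256(password.encode()).hexdigest()

# Factory defaults to test for. "admin"/"admin" is the pair the article cites;
# the second entry is a constructed placeholder, not a real vendor default.
KNOWN_DEFAULTS = {
    ("admin", fingerprint("admin")),
    ("service", fingerprint("PLACEHOLDER-DEFAULT")),
}

class Account(NamedTuple):
    device: str
    username: str
    fp: str               # fingerprint(password)
    holders: List[str]    # people who know this credential
    last_rotated: date

def audit(accounts: List[Account], today: date, max_age_days: int = 365) -> List[str]:
    """Return one finding string per problem discovered."""
    findings: List[str] = []
    by_fp: Dict[str, List[str]] = {}          # password fingerprint -> devices using it
    for a in accounts:
        by_fp.setdefault(a.fp, []).append(a.device)
    for a in accounts:
        tag = f"{a.device}/{a.username}"
        if (a.username, a.fp) in KNOWN_DEFAULTS:
            findings.append(f"{tag}: factory default credential still in place")
        if len(a.holders) > 1:
            findings.append(f"{tag}: shared by {len(a.holders)} people, no per-user audit trail")
        reused_on = sorted(d for d in by_fp[a.fp] if d != a.device)
        if reused_on:
            findings.append(f"{tag}: same password reused on {', '.join(reused_on)}")
        age = (today - a.last_rotated).days
        if age > max_age_days:
            findings.append(f"{tag}: not rotated in {age} days")
    return findings

def sample_inventory() -> List[Account]:
    """Constructed inventory; every device, name, password and date is made up."""
    return [
        Account("plc-01", "admin", fingerprint("admin"), ["alice", "bob", "carol"], date(2019, 3, 1)),
        Account("plc-02", "admin", fingerprint("constructed-pw-1"), ["bob"], date(2024, 1, 15)),
        Account("scada-01", "operator", fingerprint("constructed-pw-1"), ["dave"], date(2024, 2, 1)),
        Account("hmi-01", "engineer", fingerprint("constructed-pw-2"), ["erin"], date(2024, 3, 1)),
    ]

if __name__ == "__main__":
    for line in audit(sample_inventory(), date(2024, 6, 1)):
        print(line)
```

For devices that cannot hold unique credentials, the finding is the input to the compensating-control decision: the device stays on the list, and the port-level and network restrictions are what get tracked against it.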
Risk 3: Unmanaged Remote Access to OT Systems
Remote access to OT systems is operationally necessary. Engineers need to troubleshoot problems without driving to the site. Vendors need to service equipment. SCADA operators work from control rooms that may be geographically separated from the plant floor. None of this is going away.
The risk isn't remote access itself — it's unmanaged remote access. A VPN tunnel was opened for a vendor site visit that was never closed. RDP was exposed on a public IP because someone needed quick access during an emergency. TeamViewer is installed on an HMI for convenience. Each of these is a persistent entry point with no monitoring, no session recording, and often no one who knows it exists.
Dragos's annual OT threat report consistently identifies vendor remote access as one of the top initial access vectors in ICS incidents. The pattern is consistent: a vendor account with legitimate access is compromised, and attackers use that trusted access to reach production systems.
Mitigation:
• Inventory all remote access paths — VPNs, jump servers, direct RDP, vendor tools — and close anything not actively required
• Require MFA on all remote access sessions into OT environments
• Use purpose-built OT remote access platforms (Tosibox, Secomea, Claroty xDome) that provide session recording and just-in-time access
• Never permit direct vendor access to production systems; require vendors to connect through a monitored jump server in the DMZ
Risk 4: Unpatched Legacy OT Equipment
A PLC installed in 2005 was never designed to receive security patches. It may run firmware that hasn't been updated since installation. It almost certainly has known vulnerabilities — documented in public CVE databases, understood by researchers, and available in exploit frameworks. And replacing it may cost hundreds of thousands of dollars in equipment, engineering, and downtime.
This is the core tension in OT security: the equipment that most needs patching is the equipment that's hardest to patch. In IT, a vulnerable server gets patched during a maintenance window. In OT, patching a PLC might require a production shutdown, a validation process to confirm the patched firmware doesn't change behavior, and a rollback plan if it does. The operational cost is high enough that many organizations simply don't patch.
Mitigation:
• Build an OT asset inventory with firmware versions and known CVEs for every device — you can't prioritize patching without knowing what you have
• Apply compensating controls around devices that can't be patched: network isolation, protocol-aware firewall rules that limit communication to only what's required, and anomaly monitoring
• Implement virtual patching through IPS rules on industrial firewalls that block traffic patterns associated with known exploits targeting specific device models
• Develop a patch testing and validation process so that when patches are available and the risk is high enough, you can apply them with confidence
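The inventory-driven prioritization above reduces to a version comparison plus an exposure weighting. The Python below is an added example (not code from the article or from L-com) that matches constructed devices against constructed advisories: a device is affected when its firmware version sorts below the advisory's fixed-in version, the score is severity multiplied by an exposure factor that doubles for devices IT hosts can reach, and devices the plant will not patch get the compensating-control recommendation instead. Advisory identifiers, models and versions are placeholders; in practice they come from the vendor feed and the CVE database.

```python
"""Rank unpatched OT devices by exposure-weighted severity (added example)."""
from typing import List, NamedTuple, Tuple

def parse_version(v: str) -> Tuple[int, ...]:
    """'2.3.10' -> (2, 3, 10); a trailing build tag such as '2.3.10-b4' is ignored."""
    core = v.split("-")[0]
    return tuple(int(part) for part in core.split("."))

class Advisory(NamedTuple):
    advisory_id: str       # placeholder ids below; real ids come from the vendor/CVE feed
    model: str
    fixed_in: str          # first firmware version that is not affected
    severity: float        # CVSS-style 0-10

class Device(NamedTuple):
    name: str
    model: str
    firmware: str
    reachable_from_it: bool   # True if IT/DMZ hosts can reach it (segmentation state)
    patchable: bool           # False if patching needs a production stop the plant won't take

def affected(device: Device, adv: Advisory) -> bool:
    """Affected when the model matches and the firmware predates the fix."""
    return device.model == adv.model and parse_version(device.firmware) < parse_version(adv.fixed_in)

def prioritize(devices: List[Device], advisories: List[Advisory]) -> List[Tuple[float, str, str]]:
    """Return (score, device, action) sorted by descending score.
    score = severity x exposure, where exposure is 2.0 for devices IT hosts can reach."""
    rows = []
    for d in devices:
        for a in advisories:
            if not affected(d, a):
                continue
            exposure = 2.0 if d.reachable_from_it else 1.0
            if d.patchable:
                action = f"patch to {a.fixed_in} in the next maintenance window after validation"
            else:
                action = "cannot patch: isolate, restrict to required protocols at the firewall, virtual patch via IPS"
            rows.append((a.severity * exposure, d.name, f"{a.advisory_id}: {action}"))
    return sorted(rows, key=lambda r: (-r[0], r[1]))

# Constructed inventory and advisories (placeholders, not real products or CVEs).
DEVICES = [
    Device("plc-01", "PLC-X", "2.1.0", reachable_from_it=True, patchable=False),
    Device("plc-02", "PLC-X", "2.4.0", reachable_from_it=False, patchable=True),
    Device("rtu-01", "RTU-Y", "1.0.3", reachable_from_it=False, patchable=True),
]
ADVISORIES = [
    Advisory("ADV-PLACEHOLDER-1", "PLC-X", "2.3.0", 9.8),
    Advisory("ADV-PLACEHOLDER-2", "RTU-Y", "1.1.0", 7.5),
]

if __name__ == "__main__":
    for score, name, action in prioritize(DEVICES, ADVISORIES):
        print(f"{score:5.1f}  {name:8s} {action}")
```

The exposure factor is the link back to Risk 1: segmenting a device off the IT-reachable path halves its score without touching its firmware, which is often the only move available for a controller that cannot be patched.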
Risk 5: Ransomware Targeting OT Environments
Ransomware operators have learned something important: manufacturing companies are more willing to pay a ransom to restore production than to recover encrypted data. The cost of a day of production stoppage at a large facility can exceed the ransom demand. The incentive to pay is real.
OT ransomware doesn't need to reach PLCs or SCADA systems to cause production stoppages. Encrypting the historian database, the engineering workstations, or the MES system is often enough to force an operational shutdown while IT scrambles to restore. The Colonial Pipeline incident involved ransomware that hit the IT network — the OT shutdown was a precautionary measure. The impact was the same.
Mitigation:
• Maintain offline, air-gapped backups of OT configurations, historian data, and engineering project files — ransomware can't encrypt what it can't reach
• Segment OT networks from IT networks so that ransomware spreading through IT systems hits a firewall before reaching OT
• Develop and test an OT-specific incident response plan — including who to call, how to isolate affected systems, and how to restore from backup — before you need it
• Train operators on phishing awareness; most ransomware entry points are email-based, often targeting IT systems that have a path to OT
Risk 6: Engineering Workstation Compromise
Engineering workstations occupy a uniquely dangerous position in the OT network architecture. They have legitimate, often privileged access to PLCs, DCS controllers, and SCADA systems — because that's what they're for. An engineer uses the workstation to download logic to a PLC, update firmware, and modify control parameters.
If an attacker compromises the engineering workstation, they inherit all of that legitimate access. They can modify PLC logic. They can download malicious firmware. They can manipulate process parameters in ways that cause physical damage — which is exactly what the Stuxnet malware did, using a compromised Siemens Step 7 engineering environment to deliver modified PLC logic to uranium enrichment centrifuges.
Engineering workstations often have internet access because engineers need to download vendor updates and access documentation. Internet connectivity is how attackers get in.
Mitigation:
• Air-gap or strictly control internet access on engineering workstations — use a separate, non-production machine for internet access and vendor downloads
• Apply application allowlisting (only pre-approved applications can execute) on engineering workstations — this blocks most malware regardless of how it arrives
• Require MFA for PLC programming software access; log all PLC logic changes with timestamps and user attribution
• Keep engineering workstations on a separate network segment from the broader OT network; they should only reach the specific PLCs they manage
Risk 7: Third-Party and Supply Chain Access
Industrial automation systems depend on vendor support. The PLC vendor needs remote access to troubleshoot. The SCADA integrator needs access to update the application. The instrument calibration service needs network access to its calibration tools. In a typical manufacturing facility, dozens of third parties have had remote access at some point.
Each of those access paths is a potential supply chain attack vector. A vendor's own systems get compromised; the attacker uses the vendor's legitimate credentials to pivot into the manufacturer's OT network. This is the same attack pattern as the SolarWinds incident — except in OT, the downstream impact is physical process disruption rather than data theft.
Mitigation:
• Audit all active third-party remote access credentials; revoke anything not currently required
• Require vendors to connect through a monitored jump server with session recording — never allow direct vendor connections to production OT devices
• Implement just-in-time (JIT) access for vendors: access is activated for a specific window, for a specific system, requires approval, and closes automatically
• Review vendor cybersecurity posture as part of procurement — ask about their incident response capabilities and whether they've had breaches affecting customers
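The just-in-time model in Risk 3 and Risk 7 is simple enough to state as code. The Python below is an added example (not code from the article, from L-com, or from any of the products named above) that models vendor access grants as time-boxed, approved, single-target records: a session is permitted only when MFA has completed and an approved grant's window is open, open-ended "standing" grants are refused and reported for revocation, and expired windows are closed automatically. Vendor names, targets and times are constructed.

```python
"""Time-boxed, approved vendor access (JIT) with auto-close and inventory (added example)."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Tuple

@dataclass
class AccessGrant:
    vendor: str                  # third-party identity (constructed)
    target: str                  # the one system this grant covers
    start: datetime
    end: Optional[datetime]      # None = standing access: a finding, not a feature
    approved_by: Optional[str]   # plant-side approver; None = never approved
    closed: bool = False         # set once the window expires or the grant is revoked

def is_permitted(grants: List[AccessGrant], vendor: str, target: str,
                 now: datetime, mfa_verified: bool) -> Tuple[bool, str]:
    """Allow only an approved, open, time-boxed grant for exactly this target, after MFA."""
    if not mfa_verified:
        return False, "MFA not completed"
    reason = "no grant exists for this vendor/target"
    for g in grants:
        if g.closed or g.vendor != vendor or g.target != target:
            continue
        if g.approved_by is None:
            reason = "grant was never approved"
        elif g.end is None:
            reason = "standing access is refused; request a time-boxed grant"
        elif g.start <= now < g.end:
            return True, f"window open until {g.end.isoformat()}, approved by {g.approved_by}"
        else:
            reason = "outside the approved window"
    return False, reason

def close_expired(grants: List[AccessGrant], now: datetime) -> List[AccessGrant]:
    """Auto-close grants whose window has passed; returns the ones closed on this call."""
    closed_now = []
    for g in grants:
        if not g.closed and g.end is not None and now >= g.end:
            g.closed = True
            closed_now.append(g)
    return closed_now

def standing_access_findings(grants: List[AccessGrant]) -> List[str]:
    """Inventory step: every open-ended or unapproved access path, for revocation."""
    findings = []
    for g in grants:
        if g.closed:
            continue
        if g.end is None:
            findings.append(f"{g.vendor} -> {g.target}: standing access with no expiry; revoke or convert to JIT")
        if g.approved_by is None:
            findings.append(f"{g.vendor} -> {g.target}: no recorded approval")
    return findings

T0 = datetime(2024, 6, 1, 9, 0)   # constructed reference time

def sample_grants() -> List[AccessGrant]:
    """Constructed grants: one proper JIT window, one standing, one unapproved."""
    return [
        AccessGrant("vendorco", "plc-03", T0, T0 + timedelta(hours=2), "plant-eng-lead"),
        AccessGrant("integrator", "scada-01", T0 - timedelta(days=400), None, "unknown"),
        AccessGrant("calibration-svc", "hmi-02", T0, T0 + timedelta(hours=4), None),
    ]

if __name__ == "__main__":
    grants = sample_grants()
    for line in standing_access_findings(grants):
        print("FINDING", line)
    print(is_permitted(grants, "vendorco", "plc-03", T0 + timedelta(minutes=30), True))
    print(is_permitted(grants, "vendorco", "plc-03", T0 + timedelta(hours=3), True))
    print("closed:", [g.vendor for g in close_expired(grants, T0 + timedelta(hours=5))])
```

In a real deployment the grant record lives in the jump server or the OT remote access platform and `is_permitted()` is the decision the session broker makes before it opens a recorded session; `standing_access_findings()` is the audit query to run first, because it is what turns up the VPN tunnel nobody closed.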
Risk 8: Targeting of Safety Instrumented Systems
Safety instrumented systems (SIS) are the last line of defense against physical accidents. When a process exceeds a safe operating limit — pressure too high, temperature out of range, toxic gas level rising — the SIS takes the process to a safe state, independent of the main control system. They're designed to work even if the DCS fails.
The 2017 Triton/TRISIS attack was the first publicly documented cyberattack specifically targeting an SIS. Attackers deployed malware that attempted to reprogram Schneider Electric Triconex safety controllers at a petrochemical facility in Saudi Arabia. The goal was to disable the safety systems so that a subsequent attack on the process control system could cause physical damage without the SIS intervening.
The attack failed — not because it was detected, but because a bug in the malware caused the safety controllers to enter a fail-safe state, which triggered an investigation. The intent was clear.
Mitigation:
• Physically and logically isolate SIS networks from process control networks and IT networks — this is a design requirement, not a preference
• Use data diodes (hardware-enforced one-way communication) rather than firewalls at SIS boundaries where monitoring data needs to flow out; nothing flows in
• Treat any SIS device as air-gapped for configuration purposes — changes require physical access, not network access
• Audit SIS configurations regularly and compare against a known-good baseline — unauthorized changes are a red flag
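The baseline comparison in the last bullet can be automated with nothing more than a canonical serialization and a hash. The Python below is an added example (not code from the article, from L-com, or from any safety-controller vendor) that assumes SIS configuration can be exported as a nested key/value document; it hashes the canonical form so that key ordering does not produce false alarms, walks the document to report exactly which parameters differ, and escalates any change under the safety-function section (a bypass turned on, a trip setpoint moved) as critical. The controller, safety functions and values are constructed.

```python
"""Compare a live SIS configuration against a known-good baseline (added example)."""
import hashlib
import json
from copy import deepcopy
from typing import Any, Dict, List, Tuple

_MISSING = object()

def canonical(config: Dict[str, Any]) -> str:
    """Deterministic serialization: equal configs hash equally regardless of key order."""
    return json.dumps(config, sort_keys=True, separators=(",", ":"))

def config_hash(config: Dict[str, Any]) -> str:
    return hashlib.sha256(canonical(config).encode()).hexdigest()

def _flatten(d: Dict[str, Any], prefix: str = "") -> Dict[str, Any]:
    """Nested dicts -> {'a.b.c': value} so differences carry a readable path."""
    out: Dict[str, Any] = {}
    for k, v in d.items():
        path = f"{prefix}{k}"
        if isinstance(v, dict):
            out.update(_flatten(v, path + "."))
        else:
            out[path] = v
    return out

def diff_config(baseline: Dict[str, Any], current: Dict[str, Any]) -> List[Tuple[str, Any, Any]]:
    """(path, baseline_value, current_value) for every differing path; a side that
    lacks the key reports None."""
    b, c = _flatten(baseline), _flatten(current)
    changes = []
    for path in sorted(set(b) | set(c)):
        old, new = b.get(path, _MISSING), c.get(path, _MISSING)
        if old is not new and old != new:
            changes.append((path, None if old is _MISSING else old, None if new is _MISSING else new))
    return changes

def audit_sis(baseline: Dict[str, Any], current: Dict[str, Any]) -> Dict[str, Any]:
    """Any difference is a red flag; changes to safety functions are critical."""
    changes = diff_config(baseline, current)
    critical = [ch for ch in changes if ch[0].startswith("safety_functions.")]
    return {
        "matches_baseline": config_hash(baseline) == config_hash(current),
        "changes": changes,
        "critical": critical,
    }

# Constructed known-good baseline for a hypothetical safety controller.
BASELINE: Dict[str, Any] = {
    "controller": "sis-01",
    "key_switch": "RUN",
    "safety_functions": {
        "SIF-101": {"trip_setpoint_psi": 150, "bypass": False, "action": "close XV-101"},
        "SIF-102": {"trip_setpoint_degC": 180, "bypass": False, "action": "trip heater"},
    },
}

def tampered_example() -> Dict[str, Any]:
    """Constructed 'current' export: a bypass enabled, a setpoint raised, key switch left in PROGRAM."""
    cfg = deepcopy(BASELINE)
    cfg["safety_functions"]["SIF-101"]["bypass"] = True
    cfg["safety_functions"]["SIF-101"]["trip_setpoint_psi"] = 175
    cfg["key_switch"] = "PROGRAM"
    return cfg

if __name__ == "__main__":
    report = audit_sis(BASELINE, tampered_example())
    print("matches baseline:", report["matches_baseline"])
    for path, old, new in report["changes"]:
        flag = "CRITICAL" if (path, old, new) in report["critical"] else "warning "
        print(f"{flag} {path}: {old!r} -> {new!r}")
```

Because the baseline hash is computed from the canonical form, the known-good value can be recorded on paper at commissioning and checked from the physically attached engineering laptop, which keeps the audit itself consistent with the "no network path into SIS" rule.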
Risk 9: Insecure Industrial Wireless Networks
Industrial wireless networks — used for mobile HMIs, wireless sensors, AGVs, and hard-to-cable equipment — introduce an attack surface that doesn't require physical access to the plant. An attacker within RF range of an improperly secured wireless network can attempt to inject traffic, intercept unencrypted communications, or conduct a de-authentication attack that disrupts wireless control.
Common failure modes include: consumer-grade access points in industrial environments (wrong hardware for the conditions and wrong feature set for OT security), WPA2-Personal with shared passphrases that never change, no rogue AP detection, and wireless networks that span OT and IT without segmentation.
Mitigation:
• Deploy industrial wireless gateways rated for the physical environment and configured with WPA3 or WPA2-Enterprise (802.1X authentication) rather than shared passphrases
• Segment wireless OT devices onto VLANs isolated from the wired OT backbone; a compromised wireless device should not have direct access to PLCs
• Conduct RF site surveys before deployment and periodically afterward to identify rogue access points and coverage gaps
• Enable wireless intrusion detection on industrial APs where supported; alert on de-authentication floods and new device associations
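The last bullet describes two detections that are simple to implement once the access points export their event logs. The Python below is an added example (not code from the article, from L-com, or from any AP vendor) that parses constructed AP event lines of the form `ts ap=... event=assoc|deauth sta=...`, raises one alert when a station not on the authorized list associates, and raises one alert per burst when the number of de-authentication frames seen on one AP inside a sliding window reaches a threshold. The log format, MAC addresses and thresholds are assumptions for the example.

```python
"""Wireless IDS checks: unknown-station association and deauth floods (added example)."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Deque, Dict, List, Set

# Constructed AP event format: "<iso-ts> ap=<name> event=<assoc|deauth> sta=<mac> [reason=<n>]"
LINE = re.compile(r"^(?P<ts>\S+) ap=(?P<ap>\S+) event=(?P<event>\S+) sta=(?P<sta>\S+)")

def detect(lines: List[str], authorized: Set[str],
           flood_threshold: int = 5, window: timedelta = timedelta(seconds=10)) -> List[str]:
    """Return alert strings in log order; unparseable lines are skipped."""
    alerts: List[str] = []
    recent: Dict[str, Deque[datetime]] = defaultdict(deque)   # ap -> recent deauth timestamps
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        ts = datetime.fromisoformat(m["ts"])
        ap, event, sta = m["ap"], m["event"], m["sta"].lower()
        if event == "assoc" and sta not in authorized:
            alerts.append(f"{ts.isoformat()} {ap}: association from unknown station {sta}")
        elif event == "deauth":
            q = recent[ap]
            q.append(ts)
            while q and ts - q[0] > window:      # drop frames older than the window
                q.popleft()
            # Fire once when the count first reaches the threshold, not on every extra frame.
            if len(q) == flood_threshold:
                alerts.append(f"{ts.isoformat()} {ap}: {flood_threshold} deauth frames within "
                              f"{int(window.total_seconds())}s (possible deauth flood)")
    return alerts

# Constructed station inventory (locally administered MACs, not real devices).
AUTHORIZED = {"02:00:00:00:00:11", "02:00:00:00:00:12"}

# Constructed AP log: one authorized association, a burst of deauths on ap-floor2,
# an isolated deauth on ap-floor1, an association from an unknown station, and junk.
SAMPLE_LOG = [
    "2024-06-01T10:00:00 ap=ap-floor2 event=assoc sta=02:00:00:00:00:11",
    "2024-06-01T10:00:05 ap=ap-floor1 event=deauth sta=02:00:00:00:00:12 reason=3",
    "2024-06-01T10:00:10 ap=ap-floor2 event=deauth sta=02:00:00:00:00:11 reason=7",
    "2024-06-01T10:00:10 ap=ap-floor2 event=deauth sta=02:00:00:00:00:11 reason=7",
    "2024-06-01T10:00:11 ap=ap-floor2 event=deauth sta=02:00:00:00:00:11 reason=7",
    "2024-06-01T10:00:11 ap=ap-floor2 event=deauth sta=02:00:00:00:00:11 reason=7",
    "2024-06-01T10:00:12 ap=ap-floor2 event=deauth sta=02:00:00:00:00:11 reason=7",
    "2024-06-01T10:00:12 ap=ap-floor2 event=deauth sta=02:00:00:00:00:11 reason=7",
    "2024-06-01T10:00:20 ap=ap-floor2 event=assoc sta=02:00:00:00:00:99",
    "garbage line that does not parse",
]

def analyze() -> List[str]:
    return detect(SAMPLE_LOG, AUTHORIZED)

if __name__ == "__main__":
    for a in analyze():
        print("ALERT", a)
```

The authorized-station set is the wireless slice of the asset inventory from Risk 10; without it the association check has nothing to compare against, which is the same dependency the sequencing section makes explicit.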
Risk 10: Insufficient Visibility Into OT Network Activity
You can't detect what you can't see. Most industrial automation environments have no baseline of normal network behavior, no passive monitoring of OT traffic, and no systematic log collection from field devices. An attacker who gains access to the OT network can operate undetected for weeks or months — the Dragos 2024 OT Cybersecurity Year in Review reported median attacker dwell time in OT environments significantly exceeding IT environments.
The absence of visibility isn't laziness — it's a consequence of how OT networks were built. There was no adversarial traffic, so monitoring wasn't designed in. Now that the threat environment has changed, the monitoring infrastructure has to be retrofitted.
Mitigation:
• Deploy passive OT network monitoring (Claroty, Nozomi Networks, Dragos Platform, or open-source Zeek/Suricata) on a SPAN port — passive monitoring doesn't disrupt control traffic
• Build an OT asset inventory as a baseline — you can't detect unauthorized devices without knowing what authorized devices look like
• Use industrial IoT sensors for environmental and physical monitoring that feeds into the same alerting infrastructure as network monitoring — an anomaly on the plant floor and an anomaly on the network may be related
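Passive monitoring plus an asset inventory gives you two baselines to alert against: the set of devices that are supposed to exist, and the set of conversations that normally happen. The Python below is an added example (not code from the article, from L-com, or from the Zeek project) that reads constructed, simplified Zeek-style connection records from a SPAN port, learns a baseline of hosts and (source, destination, port, protocol) flows from a learning window, and then flags two distinct things in later traffic: a device that is in neither the baseline nor the inventory, and a flow between known devices that has never been seen before. The record layout, addresses and inventory are assumptions.

```python
"""Learn a passive-monitoring baseline and flag unknown devices and new flows (added example)."""
from typing import Dict, List, NamedTuple, Set, Tuple

class Conn(NamedTuple):
    ts: float
    orig: str
    resp: str
    resp_port: int
    proto: str

def parse(lines: List[str]) -> List[Conn]:
    """Constructed tab-separated records: ts, orig_h, resp_h, resp_p, proto (a Zeek conn.log subset)."""
    out = []
    for line in lines:
        if not line or line.startswith("#"):
            continue
        f = line.split("\t")
        if len(f) < 5:
            continue
        out.append(Conn(float(f[0]), f[1], f[2], int(f[3]), f[4]))
    return out

class Baseline(NamedTuple):
    hosts: Set[str]
    flows: Set[Tuple[str, str, int, str]]

def learn(conns: List[Conn]) -> Baseline:
    """Everything seen during the learning window is, by definition, 'normal'."""
    hosts: Set[str] = set()
    flows: Set[Tuple[str, str, int, str]] = set()
    for c in conns:
        hosts.update((c.orig, c.resp))
        flows.add((c.orig, c.resp, c.resp_port, c.proto))
    return Baseline(hosts, flows)

def detect(conns: List[Conn], baseline: Baseline, inventory: Dict[str, str]) -> List[str]:
    """Alert once per unknown device, and once per never-seen flow."""
    alerts: List[str] = []
    seen_unknown: Set[str] = set()
    for c in conns:
        for h in (c.orig, c.resp):
            if h not in baseline.hosts and h not in inventory and h not in seen_unknown:
                seen_unknown.add(h)
                alerts.append(f"{c.ts}: unknown device {h} (in neither inventory nor baseline)")
        if (c.orig, c.resp, c.resp_port, c.proto) not in baseline.flows:
            names = f"{inventory.get(c.orig, c.orig)} -> {inventory.get(c.resp, c.resp)}"
            alerts.append(f"{c.ts}: new flow {names}:{c.resp_port}/{c.proto}")
    return alerts

# Constructed learning-window capture: HMI and historian collector talking to PLCs and the DMZ.
LEARN_LOG = [
    "# ts\torig_h\tresp_h\tresp_p\tproto",
    "1717200000.0\t192.168.10.5\t192.168.10.40\t502\ttcp",
    "1717200001.0\t192.168.10.5\t192.168.10.41\t502\ttcp",
    "1717200002.0\t192.168.10.20\t192.168.10.40\t502\ttcp",
    "1717200003.0\t192.168.10.20\t10.2.0.10\t5432\ttcp",
]
# Constructed asset inventory; the engineering laptop is known but was not on the wire during learning.
INVENTORY = {
    "192.168.10.5": "hmi-01", "192.168.10.20": "historian-collector",
    "192.168.10.40": "plc-01", "192.168.10.41": "plc-02",
    "192.168.10.50": "engineering-laptop", "10.2.0.10": "dmz-historian",
}
# Constructed later capture: one normal flow, an unknown host, a new protocol, an inventoried newcomer.
DETECT_LOG = [
    "1717236000.0\t192.168.10.5\t192.168.10.40\t502\ttcp",
    "1717236001.0\t192.168.10.77\t192.168.10.40\t502\ttcp",
    "1717236002.0\t192.168.10.5\t192.168.10.40\t44818\ttcp",
    "1717236003.0\t192.168.10.50\t192.168.10.40\t502\ttcp",
]

def analyze() -> List[str]:
    return detect(parse(DETECT_LOG), learn(parse(LEARN_LOG)), INVENTORY)

if __name__ == "__main__":
    for a in analyze():
        print("ALERT", a)
```

The two alert types deserve different handling: an unknown device is an inventory failure or an intruder and goes to incident response, while a new flow between inventoried devices is usually an engineering change that should have a ticket behind it; keeping them separate is what stops the second kind from burying the first.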
How Do OT Cybersecurity Risks Differ From IT Cybersecurity Risks?
| IT Environment | OT / Industrial Automation Environment |
|---|---|
| Confidentiality is often the primary concern — protecting data from unauthorized access | Availability is the primary concern — production stoppages have direct financial and safety consequences |
| Patching is routine; most systems can be rebooted during maintenance windows | Patching is high-risk; many OT devices can't be patched without production impact or vendor involvement |
| Security incidents primarily result in data loss, financial fraud, or reputational damage | Security incidents can result in physical damage, safety incidents, environmental harm, and regulatory consequences |
| Standard security tools (EDR, DLP, SIEM) work natively on IT systems | Standard IT security tools often don't work on OT systems — they can disrupt control loops or lack OT protocol support |
| Equipment lifecycle: 3–5 years; regular refresh cycles | Equipment lifecycle: 15–30 years; legacy devices with no patch mechanism are common |
| Network architecture assumes adversarial traffic; zero-trust models are becoming standard | Network architecture assumed trusted insiders only; adversarial traffic assumptions are being retrofitted after the fact |
Where Should You Start With OT Cybersecurity Risk Reduction?
Don't try to address all ten risks simultaneously. That's how OT security programs stall — the scope is too large, nothing gets finished, and the security posture doesn't actually improve.
A practical sequencing:
1. Start with visibility. You can't prioritize without knowing what you have. A passive OT monitoring deployment and an asset inventory give you the baseline; everything else depends on it.
2. Fix network segmentation. An IT/OT boundary firewall addresses Risks 1, 5, and partially 7 and 9 simultaneously. It's the highest-leverage single control.
3. Audit and rotate credentials. A credential audit is low-cost and addresses Risk 2 directly. Default credentials are the easiest wins for attackers — and the easiest fixes for defenders.
4. Inventory and close remote access paths. Risk 3 is the most common initial access vector in documented ICS incidents. Closing unnecessary access paths and requiring MFA on what remains is high-impact, moderate effort.
5. Develop an OT-specific incident response plan. When something goes wrong — and eventually something will — having a documented, tested response procedure determines whether a bad day becomes a catastrophe.
Supporting Secure Industrial Connectivity
Strong cybersecurity starts with a strong network foundation. From industrial Ethernet and fiber infrastructure to industrial wireless networking and connectivity solutions, L-com helps organizations build resilient industrial networks that support security, reliability, and long-term operational performance.
Frequently Asked Questions (FAQs)
What is OT cybersecurity?
OT (operational technology) cybersecurity focuses on protecting the systems, devices, and networks that monitor and control industrial processes, including PLCs, SCADA systems, HMIs, sensors, and industrial communication networks.
What is the biggest cybersecurity risk in industrial automation?
While risks vary by environment, inadequate network segmentation remains one of the most common vulnerabilities because it allows threats to move more easily between IT and OT systems.
Why are industrial automation systems vulnerable to cyberattacks?
Many industrial systems were designed for reliability and long service life rather than modern cybersecurity requirements. As these systems become more connected, they face risks they were not originally designed to address.
How does OT cybersecurity differ from traditional IT cybersecurity?
IT security primarily focuses on protecting data and information systems, while OT security prioritizes system availability, operational continuity, and safety. A successful OT attack can disrupt production or affect physical processes.
What role does network segmentation play in industrial cybersecurity?
Network segmentation helps limit communication between systems and reduces the ability of threats to spread throughout an industrial environment. It is considered one of the most effective foundational security controls.
Where should manufacturers begin improving OT cybersecurity?
Most organizations start by identifying connected assets, improving network visibility, reviewing remote access methods, strengthening authentication practices, and implementing segmentation between IT and OT environments.