Many manufacturing plants rely on OT systems that stay in service for years. That long service life can conceal significant cybersecurity risks.
17 Jun 2026 • 5 min. read

In a manufacturing plant built around uptime, a machine that has run the same physical process for years with barely a hiccup earns something less commonly discussed than a track record of throughput: institutional trust. Over time, such quiet reliability has a way of making a certain kind of scrutiny feel unnecessary, to the point that the equipment might become a security blind spot.
For a long time, there was a logic to ‘leaving well enough alone.’ Much of the operational technology (OT) in manufacturing was designed to keep the physical process stable, and once the production line worked, the sensible move was to keep the equipment in good shape so that it could continue to do its job.
Over the years, however, the ground beneath the machine has shifted, and the equipment least amenable to change now often needs the most protection around it. Many manufacturing environments today face burning questions, including: who can reach the equipment from the network, how vulnerable are the systems that the machines depend on, and has the old bargain – don’t touch it if it works – become part of the risk?
Aging out?
Two or three decades ago, few in manufacturing lost sleep over internet-borne attacks. The threat either didn’t exist or was confined to a handful of nation-state targets. The fact that the industrial protocols had no security baked in didn’t matter much – the machines were isolated from IT and nothing untrusted could reach them. They simply worked, and there wasn’t a compelling reason to touch them.
Until there was. The ‘marriage’ of IT and OT, a hallmark of digitization and Industry 4.0, changed the equation as industrial control systems (ICS) were connected to networks that these systems were never designed for. Of course, connecting production systems to enterprise networks delivers tangible benefits, but the security implications – that systems once protected were suddenly no longer so – arrived more quietly. The various security shortcomings – including weak authentication, limited logging, insecure defaults, and update processes that may require costly downtime – suddenly became liabilities.
According to the SANS Institute, almost 60% of OT attacks across various industries are believed to stem from compromises in corporate IT environments. Furthermore, the institute’s latest survey found that 22% of organizations in critical industries reported a cybersecurity incident over the past 12 months, with 40% of the events causing operational disruption and nearly 20% taking over a month to remediate.
The severity of the threat eventually revealed itself with damaging cyberattacks, such as the one that hit Jaguar Land Rover in 2025 and is now considered the most damaging cyberattack in British history. Moreover, since supply chains run on tight schedules and little-to-no tolerance for error, halting a supplier with just-in-time delivery commitments spawns a full-blown production crisis that engulfs a long list of other companies.
The cost of touching a running line
Interrupting a running production line to upgrade infrastructure with no obvious operational problems can be a tough sell. The assets are too deeply embedded in the physical process; indeed, they’re often trapped in what the world’s top cybersecurity agencies aptly call ‘self-established obsolescence.’
Meanwhile, ransomware gangs that started paying serious attention to manufacturing found an attack surface that had been expanding for years without corresponding security investments. Inflicting damage that affects an operational environment is also different from a pure IT breach. Ransomware operators, some of whom are developing dedicated OT capabilities, understand this math and calibrate their demands accordingly. Sometimes, infiltrating enterprise IT and letting the dependencies do the rest is enough.
To be sure, the business equation is shifting, albeit often from the outside in. Supplier contracts increasingly contain security-related provisions while cyber-insurers require proof of security controls, to the point that organizations that can’t show it have to swallow steep premiums or are left without coverage. Regulatory requirements are also tightening across various jurisdictions; for example, NIS2 imposes stricter cybersecurity requirements for Europe’s critical industries while the broad regulatory environment in the US also mandates specific actions that drive security maturity in critical industries.
Top cyberthreats up close
Few security vendors have been as close to threats facing critical infrastructure as ESET. Over the years, its threat research team has peered inside some of the most significant incidents on record – including BlackEnergy that caused a 4–6 hour power outage for 230,000 people in Ukraine in 2015, its successor, GreyEnergy, and Industroyer, the highly customizable malware that speaks a number of industrial communication protocols used in critical infrastructure systems worldwide and caused a blackout in Kyiv in 2016. In 2022, ESET researchers also identified Industroyer2, which took aim at Ukraine’s energy infrastructure again. In addition, ESET’s analysis of NotPetya documented how an attack with no specific OT target can still devastate organizations running operational technology at scale, including manufacturers.
(Re)building security around your critical equipment
Naturally, you can’t protect what you can’t see, and accurate asset visibility remains the foundation of any self-respecting risk mitigation strategy. Start by mapping which systems in an environment are connected and have no security coverage, where IT and OT networks intersect, which segments are unmonitored, and which production systems have fallen outside any vendor support agreement. Given the complexity of cyber-physical systems, there clearly is no one-size-fits-all approach to asset inventory and other tasks.
The actual deployment architecture also needs to be resolved early. Whether by design or due to customer contracts, regulatory obligations or other reasons, some manufacturing environments operate under air-gap requirements. Security platforms built primarily around cloud connectivity may not, therefore, fit the requirements or the budget.
Meanwhile, off-the-peg security tools often don’t adequately meet the business requirements in legacy OT systems that run on older hardware and outdated operating system versions. The tools need to be stable and unobtrusive enough to run on constrained systems without affecting production. Network security, for its part, earns its keep on equipment that can’t run any security agent at all, which in most manufacturing environments is by no means an edge case.
Long-term support addresses what the other layers can’t fully close. When an ICS vendor ends development on a platform version, updates eventually stop. The production systems running that version continue to operate for years, accumulating exposure to more threats. Support commitments that outlast the original vendor’s support window are the cybersecurity equivalent of signing a long-term parts agreement for a car discontinued years ago. The machine stays ‘roadworthy.’
Built to run for years
Manufacturing has a long history of engineering its way out of crises. It’s also learned plenty of hard lessons, including that ignoring a known problem tends to shift – and often multiply – the cost attached to it. The cyberthreat to OT infrastructure is now well-documented, and the tools to tackle it exist. In this industry, this should be enough to get things moving – and, ultimately, build cyber-resilience into the industry’s operations.


