Operational technology (OT) underpins everyday life by providing the networks and systems required to deliver and maintain key services. These critical infrastructures are increasingly targeted by threat actors, causing public disruption and reputational and financial damage. OT security plays a vital role in redressing this threat, but it must be implemented strategically to be effective. This article outlines what OT security involves, the types of vulnerabilities affecting OT, and OT security best practices that organizations should adopt to ensure their critical infrastructure is secure, stable and resilient.
What is OT Security?
OT security refers to the cybersecurity practices, controls and measures that protect the physical processes, devices and systems that make up industrial networks and critical infrastructures.
OT systems use software to automate industrial processes within vital industries, such as water, manufacturing, gas and electricity, aviation, maritime, and road and rail.
Following OT security best practices can help to mitigate the many potential risks to critical infrastructure, ensuring that the integrity, safety and operational continuity of industrial networks are maintained and the systems supporting everyday life remain safe, secure and fully operational.
The Imperative for Effective OT Security
OT infrastructures are under threat. Indeed, Kroll observed that manufacturing was the second most attacked industry in 2024. The risk now affects many sectors, with recent research identifying that more than half of global organizations have suffered an OT incident over the past 12 months.
Various factors contribute to this trend. Threat actors target OT networks due to the critical role they play in society and the potential for high-profile and far-reaching impact. With OT and IT infrastructures becoming increasingly interconnected and businesses more reliant on the cloud, there is yet more scope for exploitable vulnerabilities.
As well as increasing in volume, targeted attacks on OT systems now include attacks that specifically affect safety systems. Tool kits available on the dark web now enable low to moderately skilled threat actors to conduct more sophisticated attacks. Targeting critical infrastructure through OT cyberattacks is now part and parcel of the global geopolitical landscape. As tensions increase, the potential for supply chain attacks, subversion of insiders and even unauthorized physical access to critical sites to access OT systems also increases. As a result, strategic OT cybersecurity is now vital for successfully securing systems and infrastructure.
Common OT Vulnerabilities
Complex systems and legacy technology mean that OT is at risk from many types of vulnerabilities with the potential to create operational, business and societal disruption alongside financial loss. Common vulnerabilities include:
- Lack of Segmentation—Without proper network segmentation between OT and IT systems, cyber threats can propagate easily from IT into OT, disrupting operations or compromising safety. Flat networks allow attackers to move laterally and reach critical assets.
- Weak Access Controls—OT networks are frequently affected by weak authentication methods and poor access controls. Weak passwords, shared credentials and ineffective privilege restrictions open the door to unauthorized access, leaving critical systems and processes vulnerable to attack.
- Lack of Monitoring—Ineffective monitoring can lead to critical delays in detecting and responding to potential threats.
- Outdated and Unpatched Software—Long life cycles, combined with the need for systems to remain operational, mean that equipment is often not updated and common vulnerabilities are left unpatched, making them frequent targets for exploitation by cybercriminals. Even regulatory compliance can play a role, because regulations for some industries limit the implementation of new cybersecurity measures.
- Insider Threats—OT networks can be put at risk from within by employees and contractors, either through the accidental or malicious introduction of vulnerabilities.
- Supply Chain Vulnerabilities—Third-party relationships can pose a significant threat to OT systems by introducing vulnerabilities, either because the third party fails to implement robust security practices or because its own systems are attacked.
OT Security Case Study: A Natural Gas Distribution Company
A natural gas distribution company needed to gain a clearer understanding of its risk profile, find hidden vulnerabilities and secure its critical operations. The company also wanted to make its OT environment more resilient and to safeguard more effectively against potential cyber threats.
Kroll completed an OT security risk assessment that looked at multiple OT systems. This was supported with attack simulations based on the company’s unique threat profile. The assessment uncovered critical vulnerabilities, such as poor access controls and privilege escalation risks. As a result, Kroll was able to provide actionable guidance that supported the swift implementation of enhanced access controls, segmentation and policy alignment.
Best Practices for Securing OT
With so many potential threats to OT, organizations will benefit from implementing OT security best practices such as the following:
Assess Existing Infrastructure
The foundation of effective OT security is an OT security risk assessment and gap analysis. This provides valuable insights into current assets, business impact and vulnerabilities across people, processes and technologies, resulting in the identification of key risks. The assessment process requires a clear understanding and analysis of business operations, systems and interdependencies. A top-down approach ensures that the most critical operations and systems are identified first and allows companies to adequately plan and manage the resources for detailed assessments and remediation activities.
Establish OT Security Policies and Standards
The outcomes of the risk assessment and gap analysis should be used to define a governance framework, which should include policies, procedures, roles and responsibilities, and stakeholder engagement. These should be fully integrated with the company’s broader security risk management framework and aligned with related programs, including IT security, physical security, insider threat mitigation and supply chain assurance arrangements. The OT security program leadership team should secure agreement from the OT system owners to help limit the risk of adoption challenges.
Implement Security Controls
Risk assessments and policies should define the list of administrative and technical cybersecurity controls to be implemented. A collaborative approach is required to ensure that selected and implemented security controls are effective. Physical security can pose a challenge when networks of cyber-physical systems are spread across vast distances, but it cannot be an afterthought—physical security considerations should be baked into every OT security program.
Monitor Anomalies and Security Events
Monitoring events using OT security tools—such as OT intrusion detection systems or endpoint detection tools—is essential for detecting anomalies, unauthorized access and potential threats within industrial networks. Real-time and continuous monitoring ensures early detection, enabling faster response to reduce the risk of operational disruption.
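The segmentation gap described under Common OT Vulnerabilities and the monitoring called for here come together in one practical check: compare observed network flows against the zones and conduits the design allows, and flag what falls outside them. The following Python script is an added example, not Kroll's code or any vendor's tooling. It assumes a three-zone layout (IT, a DMZ and an OT control zone, all with constructed addresses), a small allowlist of approved conduits, one engineering workstation authorized to issue Modbus/TCP write function codes, and a constructed CSV-style flow log; every address, zone and log line is invented for the example.

```python
"""Zone/conduit policy check over constructed OT network flow records.

Added example (not Kroll's code). Flags traffic that crosses the IT/OT
boundary outside an approved conduit, Modbus/TCP writes from hosts that
are not authorised to change PLC state, and traffic involving addresses
that belong to no known zone. Zones, conduits, addresses and the log
format are all assumptions made for this example.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

# Assumed addressing for the three zones of a Purdue-style design.
ZONES = {
    "IT": ipaddress.ip_network("10.1.0.0/16"),
    "DMZ": ipaddress.ip_network("10.2.0.0/24"),
    "OT": ipaddress.ip_network("10.3.0.0/16"),
}

# Approved conduits: (source zone, destination zone, destination port).
# Anything not listed here is a segmentation violation.
ALLOWED_CONDUITS = {
    ("IT", "DMZ", 443),   # IT clients read the DMZ historian over HTTPS
    ("DMZ", "OT", 502),   # DMZ data collector polls PLCs over Modbus/TCP
    ("OT", "DMZ", 443),   # OT-side forwarder pushes data to the DMZ historian
    ("OT", "OT", 502),    # in-zone control traffic between OT hosts
}

# Modbus function codes that change PLC state (coil and register writes).
MODBUS_WRITE_FCS = {5, 6, 15, 16, 23}
# Hosts permitted to issue writes (assumed: a single engineering workstation).
AUTHORISED_WRITERS = {"10.3.0.10"}


@dataclass
class Flow:
    ts: str
    src: str
    dst: str
    dst_port: int
    proto: str
    modbus_fc: Optional[int]  # None when the flow is not Modbus/TCP


def parse_flow_line(line: str) -> Flow:
    """Parse 'ts,src,dst,dst_port,proto,modbus_fc' (fc left empty if not Modbus)."""
    ts, src, dst, port, proto, fc = line.strip().split(",")
    return Flow(ts, src, dst, int(port), proto, int(fc) if fc else None)


def zone_of(ip: str) -> str:
    """Map an address to its zone name, or 'UNKNOWN' if it matches no zone."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "UNKNOWN"


def analyse(lines: Iterable[str]) -> List[Dict[str, str]]:
    """Return one finding per policy violation seen in the flow lines."""
    findings: List[Dict[str, str]] = []
    for line in lines:
        f = parse_flow_line(line)
        src_zone, dst_zone = zone_of(f.src), zone_of(f.dst)
        if "UNKNOWN" in (src_zone, dst_zone):
            # An asset the inventory does not know about is itself a finding.
            findings.append({"ts": f.ts, "kind": "unknown_zone", "src": f.src, "dst": f.dst,
                             "detail": f"{src_zone}->{dst_zone}:{f.dst_port}"})
            continue
        if (src_zone, dst_zone, f.dst_port) not in ALLOWED_CONDUITS:
            findings.append({"ts": f.ts, "kind": "conduit_violation", "src": f.src, "dst": f.dst,
                             "detail": f"{src_zone}->{dst_zone}:{f.dst_port} not an approved conduit"})
        if f.modbus_fc in MODBUS_WRITE_FCS and f.src not in AUTHORISED_WRITERS:
            # Reads from an approved conduit are normal; writes are only
            # expected from the engineering workstation.
            findings.append({"ts": f.ts, "kind": "unauthorised_modbus_write", "src": f.src,
                             "dst": f.dst, "detail": f"Modbus function code {f.modbus_fc}"})
    return findings


# Constructed flow log for the example (timestamp,src,dst,dst_port,proto,modbus_fc).
SAMPLE_FLOWS = [
    "2024-05-01T08:00:01,10.1.5.20,10.2.0.5,443,tcp,",        # IT -> DMZ historian: allowed
    "2024-05-01T08:00:02,10.2.0.5,10.3.1.7,502,tcp,3",        # DMZ collector reads a PLC: allowed
    "2024-05-01T08:00:03,10.3.0.10,10.3.1.7,502,tcp,16",      # engineering workstation writes: allowed
    "2024-05-01T08:00:04,10.1.5.20,10.3.1.7,502,tcp,3",       # IT host reaches a PLC directly: flat network
    "2024-05-01T08:00:05,10.3.0.55,10.3.1.7,502,tcp,6",       # in-zone host writes a register: not authorised
    "2024-05-01T08:00:06,192.168.77.3,10.3.1.7,502,tcp,3",    # source belongs to no known zone
    "2024-05-01T08:00:07,10.1.5.20,10.3.0.10,3389,tcp,",      # RDP from IT into the OT zone: no conduit
]

if __name__ == "__main__":
    for finding in analyse(SAMPLE_FLOWS):
        print(f"{finding['ts']} {finding['kind']:26} {finding['src']} -> {finding['dst']}  {finding['detail']}")
```

Run against the constructed log, the script reports four findings: two flows that cross the IT/OT boundary outside any approved conduit, one Modbus write from a host that is not the engineering workstation, and one flow from an address outside every inventoried zone. The allowlist shape is deliberate: for OT, a conduit table that enumerates what is permitted and treats everything else as an alert is easier to keep accurate than a list of known-bad patterns, and a hit on "unknown_zone" is often the first sign that an asset inventory has drifted.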
Ensure Incident Response Readiness
The potential human and financial costs of a security incident mean that ensuring incident response readiness is critical to OT security. A well-thought-out cybersecurity incident response plan is vital for knowing how to act to protect your network, operations and reputation, and for doing so as quickly and effectively as possible. Key aspects of a robust OT security incident response plan include assembling an incident response team, outlining technical protocols, determining who has authority to declare an incident, establishing communications procedures and responsibilities, gathering and documenting pertinent information, and determining a review and testing schedule.
Maintain and Improve Systems
With the threat landscape constantly changing and technology always evolving, it is important to continually adjust the security program—for example, looking at the need to implement threat detection tools, such as OT intrusion detection systems, and ensuring that malware protection includes deny listing and allow listing software applications. It is also vital to continuously look at new or changed regulations, standards and guidelines. Frequently assessing and reevaluating, identifying improvements and adapting will ensure better results and greater long-term resilience.
Planning Your OT Security Journey
Every organization should develop a plan that will allow it to optimize its OT security maturity journey, ideally within a broad security risk management framework. With new threats emerging all the time, this must be an iterative process.
From uncovering vulnerabilities and risks present in your OT environment to assessing the preparedness of your organization to withstand an OT attack to creating a policy framework, we have the expertise and end-to-end services to support your organization at every stage of your OT security journey. The image below demonstrates how our services align with and support every step toward OT security maturity.
The OT Security Journey
Why Choose Kroll?
Kroll’s OT security services harness cyber and physical risk solutions to help critical infrastructure industries assess, transform and monitor their OT security posture while planning for operational resilience. Whether you are just starting your OT cybersecurity program or looking to optimize an existing one, Kroll offers a full-service portfolio to advance your cyber resilience.
We deliver comprehensive solutions tailored to manage and mitigate the unique security challenges associated with OT environments and ensure your OT systems are secured at every stage, from identifying risks to maintaining long-term defenses. Our services align with globally recognized frameworks and guidance, such as IEC 62443 and the publications of the National Institute of Standards and Technology (NIST) and the European Union Agency for Cybersecurity (ENISA). Our highly skilled experts hold OT security-specific certifications, such as ISA 62443, Global Information Assurance Certification (GIAC) Information Security Professional and GIAC Response and Industrial Defense.
Our partnerships with leading OT cybersecurity technology vendors enable us to evaluate, deploy and manage solutions that are uniquely suited to your OT environment to help you stay ahead of evolving threats.
Stay Ahead with Kroll
Safeguard your most critical systems against cyber threats with Kroll’s comprehensive OT security services, ensuring visibility, business continuity and resilience.