Operational Technology (OT) Cybersecurity
OT cybersecurity protects industrial environments such as factories, power grids, water plants, oil & gas, and transportation from cyber threats. It focuses on the systems that monitor and control physical processes: industrial control systems (ICS), SCADA, PLCs, DCS, HMIs, and safety instrumented systems.
Unlike classic IT, OT prioritizes safety and availability over rapid change. Devices often run for decades, use legacy or proprietary protocols (e.g., Modbus, DNP3, PROFINET, OPC UA), and offer only limited patch windows. As IT and OT networks converge and more remote connectivity and IIoT sensors are added, the risk of intrusion and process manipulation grows.
Good OT cybersecurity blends network segmentation (e.g., Purdue Model/“zones & conduits”), rigorous change control, continuous monitoring, and incident response tailored to physical safety. Frameworks commonly referenced include NIST SP 800-82 and ISA/IEC 62443.
How does it affect identity security?
Identity is a first-class control in OT now:
- Human access: Engineers, operators, and vendors need tightly scoped, audited access. Enforce least privilege, role-based access, and phishing-resistant MFA, especially at jump hosts, VPNs, and secure remote access gateways (even if legacy HMIs can’t natively do MFA).
- Vendor & third-party access: Replace “always-on” accounts with Just-in-Time (JIT) elevation and time-boxed sessions. Require ticket-bound approvals, session recording, and immutable logs.
- Non-human & machine identities: Use device certificates and workload identities for gateways, historians, and OPC/field devices; rotate keys/secrets and pin trust to known devices.
- Segmentation by identity: Map privileges to OT zones (Level 0–3) and block lateral movement between IT and OT. Break-glass procedures should exist, but with extra safeguards (hardware keys, out-of-band approvals).
- Continuous verification: Baseline user and service behavior; alert on unusual remote access, off-hours changes, or mass configuration edits.
- Compensating controls for legacy: When you can’t patch or modernize, put identity checks at the perimeter of OT zones (bastions, application gateways) and enforce one-way data flows where possible.
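The "vendor & third-party access" and "continuous verification" items above can be turned into concrete checks over the logs a bastion or engineering station already produces. The script below is an added example, not part of the original page or any product it describes: it evaluates a constructed set of jump-host and PLC-audit events against ticket-bound, time-boxed JIT grants and a per-user source baseline, and flags access with no active grant, logins from unseen sources, off-hours configuration writes, and mass configuration edits. The grant format, event fields, business-hours window and thresholds are all assumptions chosen for illustration.

```python
"""Identity-centric detections over OT remote-access and change logs.

Added example with constructed data. Field names, the 07:00-19:00 change
window, and the mass-edit threshold are assumptions, not a vendor's API.
"""
from collections import defaultdict
from datetime import datetime, timedelta

BUSINESS_HOURS = (7, 19)                 # assumption: approved change window 07:00-19:00
MASS_EDIT_THRESHOLD = 3                  # assumption: >3 config writes in 10 min is "mass"
MASS_EDIT_WINDOW = timedelta(minutes=10)

# Constructed JIT grants: each is ticket-bound and time-boxed to one OT zone.
GRANTS = [
    {"user": "vendor_acme", "ticket": "CHG-1001", "zone": "L2",
     "start": "2024-03-12T09:00", "end": "2024-03-12T11:00"},
    {"user": "eng_kim", "ticket": "CHG-1002", "zone": "L3",
     "start": "2024-03-12T08:00", "end": "2024-03-12T17:00"},
]

# Constructed baseline: remote-access sources previously seen per user.
BASELINE_SOURCES = {
    "vendor_acme": {"bastion-01"},
    "eng_kim": {"bastion-01", "bastion-02"},
}

# Constructed events as a bastion and an engineering station might log them.
EVENTS = [
    {"ts": "2024-03-12T09:05", "user": "vendor_acme", "zone": "L2", "action": "login", "src": "bastion-01"},
    {"ts": "2024-03-12T09:10", "user": "vendor_acme", "zone": "L2", "action": "config_write", "target": "PLC-07"},
    {"ts": "2024-03-12T11:30", "user": "vendor_acme", "zone": "L2", "action": "login", "src": "bastion-01"},  # grant expired
    {"ts": "2024-03-12T16:00", "user": "eng_kim", "zone": "L3", "action": "login", "src": "vpn-ext-9"},       # unseen source
    {"ts": "2024-03-12T16:01", "user": "eng_kim", "zone": "L3", "action": "config_write", "target": "PLC-01"},
    {"ts": "2024-03-12T16:02", "user": "eng_kim", "zone": "L3", "action": "config_write", "target": "PLC-02"},
    {"ts": "2024-03-12T16:03", "user": "eng_kim", "zone": "L3", "action": "config_write", "target": "PLC-03"},
    {"ts": "2024-03-12T16:04", "user": "eng_kim", "zone": "L3", "action": "config_write", "target": "PLC-04"},
    {"ts": "2024-03-12T22:30", "user": "op_lee", "zone": "L2", "action": "config_write", "target": "HMI-03"},  # no grant, off-hours
]


def parse_ts(value):
    return datetime.fromisoformat(value)


def active_grant(user, zone, ts, grants):
    """Return the JIT grant covering this user/zone at time ts, or None."""
    for g in grants:
        if (g["user"] == user and g["zone"] == zone
                and parse_ts(g["start"]) <= ts <= parse_ts(g["end"])):
            return g
    return None


def evaluate(events, grants=GRANTS, baseline=BASELINE_SOURCES):
    """Return alerts as (timestamp, user, rule) tuples in chronological order."""
    alerts = []
    recent_writes = defaultdict(list)   # user -> timestamps of config writes in window
    mass_flagged = set()                # avoid re-alerting the same burst

    for e in sorted(events, key=lambda ev: ev["ts"]):
        ts = parse_ts(e["ts"])
        user = e["user"]

        # Rule 1: every action in an OT zone must sit inside a ticket-bound grant.
        if active_grant(user, e["zone"], ts, grants) is None:
            alerts.append((e["ts"], user, "no_active_grant"))

        # Rule 2: remote login from a source never seen for this identity.
        if e["action"] == "login" and e["src"] not in baseline.get(user, set()):
            alerts.append((e["ts"], user, "unusual_source"))

        if e["action"] == "config_write":
            # Rule 3: configuration change outside the approved window.
            if not (BUSINESS_HOURS[0] <= ts.hour < BUSINESS_HOURS[1]):
                alerts.append((e["ts"], user, "off_hours_change"))

            # Rule 4: burst of configuration writes by one identity.
            window = [t for t in recent_writes[user] if ts - t <= MASS_EDIT_WINDOW]
            window.append(ts)
            recent_writes[user] = window
            if len(window) > MASS_EDIT_THRESHOLD and user not in mass_flagged:
                mass_flagged.add(user)
                alerts.append((e["ts"], user, "mass_config_edit"))

    return alerts


if __name__ == "__main__":
    for ts, user, rule in evaluate(EVENTS):
        print(f"{ts}  {user:<12} {rule}")
```

In practice the grant list would be fed from the ticketing or PAM system and the source baseline from 60 to 90 days of bastion logs; the rules are deliberately simple so that a PLC write at 22:30 by an account with no open change ticket produces two independent alerts, which is the kind of correlation a response team wants when deciding whether to isolate a zone.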
Case study
On December 23, 2015, coordinated intrusions at three Ukrainian regional distribution companies resulted in operators watching breakers being opened remotely, causing power outages that affected roughly 225,000 customers for several hours.
Investigators documented spear-phishing, use of stolen credentials for remote access into control environments, malicious tooling (including KillDisk wipers), and concurrent telephone denial-of-service to jam call centers. The attacks also interfered with restoration by corrupting firmware on field devices and wiping HMI workstations.
This remains the most widely documented, confirmed cyberattack to cause an electric outage and is a foundational example for OT cybersecurity programs.