Cybersecurity for the lengthy haul: Defending legacy OT methods

Many manufacturing crops rely on OT methods that keep in service for a few years. That long term can conceal important cybersecurity dangers.

17 Jun 2026
 • 
,
5 min. learn

In a producing plant constructed round uptime, a machine that has run the identical bodily course of for years with barely a hiccup earns one thing much less generally mentioned than a observe file of throughput: institutional belief. Over time, such quiet reliability has a approach of constructing a sure type of scrutiny really feel pointless, to the purpose that the gear may grow to be a safety blind spot.

For a very long time, there was a logic to ‘leaving properly sufficient alone.’ A lot of the operational expertise (OT) in manufacturing was designed to maintain the bodily course of steady, and as soon as the manufacturing line labored, the wise transfer was to maintain the gear in good condition in order that it might proceed to do its job.

Through the years, nevertheless, the bottom beneath the machine has shifted, and the gear least amenable to alter now usually wants probably the most safety round it. Many manufacturing environments at present face burning questions, together with: who can contact the gear from the community, how weak are the methods that the machines rely on, and has the outdated discount – don’t contact it if it really works – grow to be a part of the danger?

Getting old out?

Two or three many years in the past, few in manufacturing misplaced sleep over internet-borne assaults. The menace both didn’t exist or was confined to a handful of nation-state targets. The truth that the economic protocols had no safety baked in didn’t matter a lot – the machines had been remoted from IT and nothing untrusted might attain them. They merely labored, and there wasn’t a compelling motive to the touch them.

Till there was. The ‘marriage’ of IT and OT, an indicator of digitization and Business 4.0, modified the equation as industrial management methods (ICS) had been related to networks that these methods had been by no means designed for. In fact, connecting manufacturing methods to enterprise networks delivers tangible advantages, however the safety implications – that methods as soon as protected had been immediately not so – arrived extra quietly. The varied safety shortcomings – together with weak authentication, restricted logging, insecure defaults, and replace processes which will require expensive downtimes – immediately turned liabilities.

The severity of the menace in the end revealed itself with damaging cyberattacks, such because the one which hit Jaguar Land Rover in 2025 and is now regarded as probably the most damaging cyberattack in British historical past. Moreover, since provide chains run on tight schedules and little-to-no tolerance for error, halting a provider with just-in-time supply commitments spawns a full-blown manufacturing disaster that engulfs a protracted listing of different firms.

The price of touching a working line

Interrupting a working manufacturing line to improve infrastructure with no apparent operational issues is usually a tough promote. The belongings are too deeply embedded within the bodily course of; certainly, they’re usually trapped in what the world’s prime cybersecurity businesses aptly name ‘self-established obsolescence.’

In the meantime, ransomware gangs that began paying critical consideration to manufacturing discovered an assault floor that had been increasing for years with out corresponding safety investments. Inflicting harm that impacts an operational setting can also be totally different from a pure IT breach. Ransomware operators, a few of whom are growing devoted OT capabilities, perceive this math and calibrate their calls for accordingly. Typically, infiltrating enterprise IT and letting the dependencies do the remaining is sufficient.

To make sure, the enterprise equation is shifting, albeit usually from the skin in. Provider contracts more and more comprise security-related provisions whereas cyber-insurers require proof of safety controls, to the purpose that organizations that may’t present it need to swallow steep premiums or are left with out protection. Regulatory necessities are additionally tightening throughout quite a lot of jurisdictions; for instance, NIS2 imposes stricter cybersecurity necessities for Europe’s important industries whereas the broad regulatory setting within the US additionally mandates particular actions that drive safety maturity in important industries.

Prime cyberthreats up shut

Few safety distributors have been as near threats going through important infrastructure as ESET. Through the years, its menace analysis staff has peered inside among the most vital incidents on file – together with BlackEnergy that triggered a 4–6 hour energy outage for 230,000 individuals in Ukraine in 2015, its successor, GreyEnergy, and Industroyer, the extremely customizable malware that speaks a number of industrial communication protocols utilized in important infrastructure methods worldwide and brought about a blackout in Kyiv in 2016. In 2022, ESET researchers additionally recognized Industroyer2, which took intention at Ukraine’s vitality infrastructure once more. As well as, ESET’s evaluation of NotPetya documented how an assault with no particular OT goal can nonetheless devastate organizations working operational expertise at scale, together with producers.

(Re)constructing safety round your important gear

Naturally, you possibly can’t shield what you possibly can’t see, and correct asset visibility stays the muse of any self-respecting danger mitigation technique. Begin by mapping which methods in an setting are related and haven’t any safety protection, the place IT and OT networks intersect, which segments are unmonitored, and which manufacturing methods have fallen outdoors any vendor assist settlement. Given the complexity of cyber-physical methods, there clearly isn’t any one-size-fits-all method to asset stock and different duties.

Precise deployment structure additionally must be resolved early. Whether or not by design or because of buyer contracts, regulatory obligations or different causes, some manufacturing environments function beneath air-gap necessities. Safety platforms constructed primarily round cloud connectivity might not, due to this fact, match the necessities or the finances.

In the meantime, off-the-peg safety instruments usually don’t effectively meet the enterprise necessities in legacy OT methods that run on older {hardware} and outdated working system variations. The instruments have to be steady and unobtrusive sufficient to run on constrained methods with out affecting manufacturing. Community safety, for its half, earns its carry on gear that may’t run any safety agent in any respect, which in most manufacturing environments is on no account an edge case.

Lengthy-term assist addresses what the opposite layers can’t totally shut. When an ICS vendor ends growth on a platform model, updates ultimately cease. The manufacturing methods working that model proceed to function for years, accumulating publicity to extra threats. Assist commitments that outlast the unique vendor’s assist window are the cybersecurity equal of signing a long-term components settlement for a automotive discontinued years in the past. The machine stays ‘roadworthy.’

Constructed to run for years

Manufacturing has a protracted historical past of engineering its approach out of crises. It’s additionally discovered quite a lot of arduous classes, together with that ignoring a identified downside tends to shift – and sometimes multiply – the price connected to it. The cyberthreat to OT infrastructure is now well-documented, and the instruments to deal with it exist. On this trade, this must be sufficient to get issues shifting – and, in the end, construct cyber-resilience into the trade’s operations.