Imagine running a critical facility where suddenly, amid normal operations, your control systems begin behaving erratically. Screens flicker, equipment fails, and operators lose visibility into vital processes. This isn’t science fiction—it’s the reality faced by organizations worldwide as traditional boundaries between information technology (IT) and operational technology (OT) dissolve. The integration that brings undeniable efficiency also introduces profound security challenges that continue to evolve.

In December 2014, a German steel mill experienced precisely this scenario when attackers compromised a furnace, causing significant physical damage. The attack vector followed what has now become a familiar pattern: spear-phishing of employees provided initial access to corporate networks, which attackers then leveraged to move laterally into production systems, ultimately forcing OT failures.

This incident marked an early warning of a threat landscape that has only grown more complex. Perhaps no examples better illustrate these risks than the Ukrainian power grid attacks.

In December 2015, just a year after the German steel mill incident, attackers executed a carefully orchestrated assault on Ukrainian power distribution companies. Using sophisticated techniques, they gained remote access to SCADA systems controlling circuit breakers, temporarily disrupting electricity supply to approximately 230,000 customers during winter. This represented the first confirmed cyber attack to successfully compromise power grid operations.

Even more concerning, in December 2016, Ukraine experienced a second, more sophisticated attack targeting a transmission-level substation. This attack employed custom malware called “Industroyer” (also known as “CrashOverride”), specifically designed to interact with industrial control protocols. The malware could directly control electricity substation switches and circuit breakers, demonstrating an alarming evolution in capabilities targeting critical infrastructure.

Since then, numerous other cases have further illustrated these dangers:

  1. In 2017, the NotPetya malware affected multiple organizations globally, including shipping giant Maersk and pharmaceutical company Merck. What began as an attack on Ukrainian systems spread worldwide, with Merck reporting over $1.3 billion in damages when malware moved from IT networks to production systems.
  2. In 2021, Colonial Pipeline temporarily shut down its entire 5,500-mile fuel pipeline operation after ransomware affected its IT systems. While the attack didn’t directly compromise OT systems, the company proactively closed operations due to concerns about potential crossover and billing system impacts, causing fuel shortages across the eastern United States.
  3. In 2023, water utilities across multiple US states experienced breaches where attackers accessed industrial control systems through vulnerable remote access platforms originally deployed for IT purposes.
  4. Throughout 2022-2024, multiple manufacturing facilities reported production shutdowns when ransomware initially targeting business systems affected connected OT environments.

These incidents underscore a fundamental principle: connecting corporate and operational networks carries significant risks that must be carefully analyzed and understood before integration. Security measures should not be afterthoughts, but integral design elements based on thorough risk assessments. Appropriate security controls must include robust capabilities to prevent, detect, and respond to incidents proportionate to identified risk levels.

If your organization faces similar vulnerabilities, consider reviewing your architecture, conducting comprehensive risk assessments, and implementing changes where risk levels warrant them. Those still in the design stage should learn from these examples to avoid similar issues.

The concept of “defense in depth” has evolved significantly since 2015, with modern approaches including:

  • Network segmentation with industrial demilitarized zones (IDMZs)
  • Zero trust architectures with strict identity verification
  • OT-specific monitoring and threat detection solutions
  • Supply chain risk management for both hardware and software
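The first two items above, segmentation through an IDMZ and a default-deny posture, can be expressed as a zone-and-conduit policy and checked mechanically. The Python below is an added example written for this article, not code from the author or TaleCraft Security; every zone, address range, port set and log record in it is constructed for illustration. It maps addresses to Purdue-style zones, permits only the listed conduits (IT to IDMZ, IDMZ to supervisory OT, OT-initiated pushes back to the IDMZ, supervisory to control), denies everything else, and replays firewall-style connection records to rank any attempt where IT and OT touch without the IDMZ in between as critical.

```python
"""Zone-and-conduit policy check for an IT/OT architecture with an IDMZ.

Added example, not the article's code. Every address, zone, port set and
log line below is constructed for illustration.
"""
from __future__ import annotations
import re
from ipaddress import ip_address, ip_network

# Constructed Purdue-style zones: corporate IT, the industrial DMZ that brokers
# all IT<->OT traffic, supervisory OT (HMIs, historians) and control OT (PLCs, RTUs).
ZONES = {
    "enterprise": ip_network("10.0.0.0/16"),
    "idmz": ip_network("10.1.0.0/24"),
    "ot_supervisory": ip_network("192.168.10.0/24"),
    "ot_control": ip_network("192.168.20.0/24"),
}

# Conduits: the only permitted (source zone, destination zone) pairs, each
# limited to the TCP destination ports its broker service needs. Any pair not
# listed is denied by default, so enterprise<->ot_* can never match directly.
CONDUITS = {
    ("enterprise", "idmz"): {443},                  # web front end / jump host
    ("idmz", "ot_supervisory"): {4840},             # OPC UA reads by the IDMZ data broker
    ("ot_supervisory", "idmz"): {443},              # historian replica push, OT-initiated
    ("ot_supervisory", "ot_control"): {502, 2404},  # HMI/SCADA to PLC/RTU
}

# Well-known industrial protocol ports, used only to rank denied attempts.
ICS_PORTS = {502: "Modbus/TCP", 2404: "IEC 60870-5-104", 20000: "DNP3", 4840: "OPC UA"}

LOG_RE = re.compile(r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)")


def zone_of(ip: str) -> str:
    """Map an address to its zone; addresses outside every zone are 'unknown'."""
    addr = ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "unknown"


def evaluate(src: str, dst: str, dport: int) -> dict:
    """Decide a new TCP connection attempt against the conduit policy.

    Returns {"decision": "allow"|"deny", "severity": ..., "reason": ...}.
    Intra-zone traffic is outside conduit scope and passes here; a zero trust
    design would still authenticate it at the host or application layer.
    """
    s, d = zone_of(src), zone_of(dst)
    if s == d and s != "unknown":
        return {"decision": "allow", "severity": "none", "reason": f"intra-zone {s}"}
    allowed = CONDUITS.get((s, d))
    if allowed is not None and dport in allowed:
        return {"decision": "allow", "severity": "none", "reason": f"conduit {s}->{d}:{dport}"}
    # Denied. Rank by how badly the attempt bypasses the IDMZ.
    crosses_it_ot = "enterprise" in (s, d) and any(z.startswith("ot_") for z in (s, d))
    if crosses_it_ot:
        severity = "critical"   # IT and OT touching with no IDMZ in between
    elif dport in ICS_PORTS:
        severity = "high"       # industrial protocol on a path that has no conduit
    else:
        severity = "medium"
    if allowed is None:
        reason = f"no conduit {s}->{d}"
    else:
        reason = f"port {dport} not in conduit {s}->{d} (allowed: {sorted(allowed)})"
    return {"decision": "deny", "severity": severity, "reason": reason}


def audit(log_text: str) -> list[dict]:
    """Replay firewall-style connection records and return the policy violations."""
    violations = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        verdict = evaluate(m["src"], m["dst"], int(m["dport"]))
        if verdict["decision"] == "deny":
            violations.append({"ts": m["ts"], "src": m["src"], "dst": m["dst"],
                               "dport": int(m["dport"]), **verdict})
    return violations


# Constructed connection records in a simple key=value form.
SAMPLE_LOG = """\
2024-03-01T08:00:01Z src=10.0.5.12 dst=10.1.0.10 dport=443
2024-03-01T08:00:07Z src=10.1.0.10 dst=192.168.10.5 dport=4840
2024-03-01T08:01:12Z src=10.0.5.12 dst=192.168.20.7 dport=502
2024-03-01T08:02:30Z src=192.168.10.5 dst=192.168.20.7 dport=2404
2024-03-01T08:03:44Z src=192.168.10.5 dst=10.0.9.3 dport=445
2024-03-01T08:04:02Z src=10.1.0.10 dst=192.168.10.5 dport=3389
"""

if __name__ == "__main__":
    for v in audit(SAMPLE_LOG):
        print(f'{v["ts"]} {v["severity"]:8} {v["src"]} -> {v["dst"]}:{v["dport"]}  {v["reason"]}')
```

Running it flags three of the six constructed records: a workstation in the enterprise zone opening Modbus/TCP directly to a PLC, a supervisory host reaching back into the corporate network on port 445, and an IDMZ host attempting RDP into the supervisory zone on a port its conduit does not permit. The same policy table is what you would then translate into firewall rules at each zone boundary, with the IDMZ brokers as the only hosts that ever appear on both sides of a conduit.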

Regardless of your approach, maintain a balanced perspective focused on systematic risk management rather than reacting from fear. Newer frameworks like NIST CSF 2.0 (2023) and IEC 62443 updates provide structured guidance for addressing these challenges methodically.

About the Author: Sean McKim

Sean McKim is a member of The Old Guard at TaleCraft Security Inc. He brings over 25 years of experience in both the physical and cybersecurity realms and is passionate about helping clients improve their security.
