Data Centers Harden IT. CPS Remains Soft

Data center infrastructure is built for resilience. Power, cooling, and physical security systems are tightly engineered to keep operations running, even under strain. But from a cybersecurity perspective, these same systems remain an open flank. Cyber-Physical Systems (CPS) such as HVAC controllers, power distribution equipment, and access control networks rarely fall under the scope of OT cybersecurity programs. They are essential to uptime. Yet in many facilities, they remain invisible to monitoring tools and unmanaged by cybersecurity policy.

What’s happening

The integration of CPS into data center operations is not new. But their exposure is growing. As more facilities adopt smart infrastructure (remote power control, intelligent cooling, integrated security), these systems are now connected, accessible, and increasingly targeted. CPS assets are externally managed ...

Bridging the Recovery Gap: Why OT Cyber Incidents Paralyze Operations for Months

For a CISO, the most paralyzing aspect of an OT incident isn’t just the technical restoration - it is the high-stakes dilemma of when to trigger the recovery path. While a confirmed cyber event requires an immediate and clear response, the reality for most operators is a grey zone, a state of unconfirmed suspicion where anomalous behavior is detected but its origin is unknown. According to the 2025 SANS Survey (State of ICS/OT Security), 20% of organizations hit by a cyberattack require over a month to recover. This delay occurs because, unlike IT (where system re-imaging and backup restoration are routine), OT recovery is governed by the rigid requirements of functional integrity and physical safety. When a CISO faces suspicion rather than certainty, they must ask: Is a recovery path even feasible? Can we afford to trigger this process multiple times without total ...

Ransomware’s Faustian Bargain in OT: Pay Now or Pay Later

Critical infrastructure operators face a Faustian bargain when ransomware strikes. Paying hackers to restore operations may appear the easiest route, but every ransom strengthens the criminal business model, ensuring more attacks in the future. Refusing to pay avoids fueling the cycle, but often at a far greater operational cost.

When companies pay: JBS Foods transferred $11 million to its attackers in 2021 after ransomware froze beef plants across the U.S. Colonial Pipeline paid $4.4 million the same year to restore its billing and scheduling systems after a five-day shutdown left the East Coast scrambling for fuel. In both cases, executives judged that paying was less costly than prolonging the disruption.

When companies refuse: Maersk took the opposite path in 2017. The NotPetya attack crippled its global shipping operations, and instead of ...

Why Process-Oriented OT Cyber Is Now Essential for Regulatory Compliance

The increased risk from OT cyberattacks by state-sponsored actors and sophisticated criminal networks has driven regulators to tighten requirements. In the U.S., EU, and Singapore, authorities are moving from voluntary guidelines to binding rules that mandate incident reporting within defined timeframes and require documented incident response and recovery plans. In some cases there are significant penalties for non-compliance. Operators will need to adjust to these new mandates and upgrade their incident response planning and processes.

Why it matters

Expanded Mandates. In addition to voluntary frameworks such as NIST guidance, regulators are introducing enforceable rules: TSA directives for pipelines, NERC CIP standards for the grid, NIS2 across the EU, and Singapore’s amended Cybersecurity Act. These measures impose defined reporting timelines and require ...

OT cyber regulation in 2025: expectations vs. reality

With a new Administration that issued a government-wide regulatory freeze on Jan. 20 and launched a deregulatory executive order eleven days later, many in industry expected rollbacks or lighter enforcement this year. In OT, that did not materialize. TSA renewed and updated its pipeline cybersecurity directive effective May 3, 2025, and CISA’s CIRCIA rulemaking continues on a path toward a late-2025 final rule and 2026 effective date.

Why it matters

Critical infrastructure cybersecurity is being treated as a national resilience priority, not a partisan debate. Despite broader deregulatory signals in 2025, mandatory OT cybersecurity requirements remain in place and CIRCIA reporting is still expected once the final rule takes effect. That keeps pressure on operators to deliver timely, defensible incident evidence.

State of play

• Pipelines: TSA’s SD ...

Automation Is Expanding Cyber Risk in Oil and Gas

Automation is now a core part of oil and gas operations. Companies are expanding the use of remote operations, real-time optimization, and AI-based decision systems to improve efficiency and reduce operational costs. But these same technologies, by design, introduce more IT dependencies: more remote access points, more software layers, and more connected systems. Each of these creates a new potential vector for attackers to influence physical operations. As control of pumps, compressors, and electrical systems shifts to centralized software environments, the risk shifts with it, from isolated faults to coordinated disruptions that begin in IT and play out in the physical world. This trend is only accelerating. According to Deloitte’s 2025 Smart Manufacturing Survey [i], 86 percent of energy and industrial companies are increasing their investments in automation and ...

Revisiting Stuxnet, 15 years later

This week marks the 15th anniversary of Stuxnet’s discovery on 17 June 2010: the most well-known (and notorious) OT cyber-attack to disrupt physical equipment. With the target of the attack – Iran’s contentious uranium enrichment program – now the most important world event happening today, this is an opportune time to revisit Stuxnet and what lessons can be learned by Industrial Control System operators today.

A Quick Refresher

Stuxnet penetrated control systems at the Natanz enrichment site through compromised USB drives plugged into engineering workstations. Using four zero-day Windows vulnerabilities, the worm crossed the plant’s air gap and installed itself on Siemens S7 PLCs that controlled the centrifuges. It injected malicious ladder logic that forced rotor speeds beyond safe limits while feeding the control system (and, in turn, plant operators) falsified ...

Level 0 Defense Against the Supply Chain Threat

Critical Infrastructure operators have long invested heavily in OT cybersecurity via network segmentation, enforcement of network access restrictions, and deploying perimeter defenses. Yet despite these efforts, one critical vulnerability persists: the supply chain. According to research by ENISA, attackers are increasingly targeting the OT supply chain - compromising software updates, embedded components, and third-party service channels to infiltrate systems through trusted pathways. These attacks often bypass traditional detection layers entirely, remaining invisible until the physical process is affected.

What’s happening

Supply chain attacks are not new. But since 2024, their frequency, complexity, and relevance to OT environments have escalated. Research from early 2025 shows that attackers are not only increasing activity, but deliberately exploiting the ...

Why So Many OT Cyber Attacks Go Unreported. And Why That’s a Problem for Critical Infrastructure.

Most OT cyber threats that target critical infrastructure (power, water, manufacturing) never make the news. They don’t get disclosed. Sometimes, they aren’t even recognized. This persistent underreporting isn’t just a data gap. It’s a risk amplifier - a force multiplier that leaves CISOs blind to real threats, makes security planning reactive instead of proactive, and ultimately puts physical systems at risk. Why? Because underreporting causes:

• Blind spots across the industry: Without shared incident data, threat intel remains incomplete. That means attack methods get recycled while defenders stay in the dark.
• Missed warning signals: Trends that should trigger preventive action (like repeat targeting of certain PLCs or entry via IT) go unnoticed across sectors.
• Distorted risk models: If breach numbers appear low, executives and regulators assume ...