There is a lot of attention on Operational Technology (OT) networks and critical infrastructure companies as of late. The Russians have targeted the Ukrainian energy sector since 2015, and now Russian-based actors are believed to be behind the Colonial Pipeline attack. In the United States, a water treatment facility in Florida suffered an attack in early 2021. Targeting these companies and networks is not new and is something that governments and the companies that run these networks have been trying to address for many years.
OT networks often involve unique technologies and run and control vital public services, like oil and gas, energy, water, and telecommunications. There is a long-standing assumption that these networks are air-gapped, or separated from the Internet and traditional corporate IT networks. Most cybersecurity practitioners have known for years that this isn’t true, but security has still had a split focus: how you secure your IT network won’t work for your OT network.
