Not so long ago operations personnel didn’t worry about cyberattacks on Operational Technology assets because such systems consisted of stand-alone devices with no connection to the outside world. The fact that many or most such Operational Technology products lack robust cybersecurity protections was not a concern because they were effectively inaccessible. With no internet access.
Formerly operational technology equipment was air-gapped, now it is hooked up to IT networks and the internet for purposes of monitoring, control, and automation, many of these devices have weak or no security controls in place. These technologies now underpin the organisation's critical infrastructure and have become more digitized and connected, which are deployed full of vulnerabilities.
Most organizations don’t even have visibility into the problem. They have no global view of their attack surface, with its interconnections, entry points, configurations, and policies. It’s not just blind spots such as unscannable operational technology and network devices that prevent such a cohesive view; it’s also organizational siloing between IT and Operational Technology departments and among their various teams.
Often each group has responsibility for a small piece of the puzzle, but no one has the big picture. Without full visibility, it’s difficult to detect policy violations, vulnerabilities, misconfigurations, faulty design, or unplanned or unauthorized changes. It’s also difficult to recognize and respond to complex attacks; individual teams may see only isolated incidents and fail to recognize that these are part of a larger coordinated campaign.