Operational technology (OT) security refers to the cybersecurity measures applied to hardware and software that monitor or control physical devices, processes, and events in industrial environments. This includes industrial control systems (ICS), supervisory control and data acquisition (SCADA) systems, distributed control systems (DCS), programmable logic controllers (PLCs), and safety instrumented systems used in sectors such as electricity, water, oil and gas, manufacturing, transportation, and pharmaceuticals.
Unlike traditional IT security, which prioritizes the confidentiality, integrity, and availability triad in that order, OT security typically inverts the order—availability and safety come first, because an outage or manipulation can cause physical harm, environmental damage, or loss of life. OT assets often run legacy protocols (Modbus, DNP3, IEC 60870-5-104, PROFINET) that were designed without authentication or encryption, and devices may remain in service for 20–30 years, making patching difficult.
Key reference frameworks include:
- IEC 62443, the international standard series for industrial automation and control systems security.
- NIST SP 800-82, the U.S. National Institute of Standards and Technology guide to ICS security.
- The Purdue Reference Model, which segments enterprise IT from plant-floor OT in layered zones.
- MITRE ATT&CK for ICS, a knowledge base of adversary techniques targeting control systems.
Policy attention accelerated after high-profile incidents: the Stuxnet worm disclosed in 2010 that damaged Iranian uranium centrifuges; the 2015 and 2016 attacks on Ukrainian electricity distribution attributed to Sandworm; the 2017 TRITON/TRISIS malware targeting a Saudi petrochemical plant's Triconex safety controllers; and the 2021 Colonial Pipeline ransomware incident, which led to U.S. Transportation Security Administration security directives for pipeline operators. The EU's NIS2 Directive (2022) and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) have both expanded mandatory reporting and baseline requirements for critical-infrastructure operators, putting OT security squarely on the foreign-policy and national-security agenda.
Example
In 2021, the ransomware attack on Colonial Pipeline forced the operator to halt fuel deliveries across the U.S. East Coast, prompting new TSA security directives that imposed mandatory OT-security baselines on pipeline owners.
Frequently asked questions
OT security prioritizes safety and availability of physical processes over data confidentiality, deals with long-lived legacy equipment and proprietary industrial protocols, and treats downtime or unsafe states—not data theft—as the worst outcome.
Keep learning