OT Security FAQ for Manufacturers: Industrial Control Systems and Production Security

Operational technology security is one of the most complex areas of manufacturing cybersecurity — and one of the least well understood outside of specialist OT security teams. These are the questions that manufacturing operations directors, IT managers, and plant engineers most commonly ask when beginning their OT security journey.

65% of manufacturing OT security incidents in 2023 were discovered not by the manufacturer's own monitoring but by external sources — their customers, partners, or incident response firms.

OT Security Frequently Asked Questions

What is the difference between IT and OT security?

IT security prioritises confidentiality, integrity, and availability — in that order. OT security prioritises safety, availability, and integrity — in that order. This difference in priority creates different approaches: in IT, patching a vulnerable system is done within days. In OT, patching requires assessment of impact on production safety and availability, and may be deferred for months with compensating controls. IT systems can be rebooted without physical consequences. Rebooting a PLC controlling an active production process can have physical safety implications. OT security must work within these constraints rather than imposing IT approaches on OT environments.

How do we know what is connected to our production network?

Most manufacturers are surprised to discover what is on their production networks. Passive OT discovery tools (such as those provided by Claroty, Dragos, or Nozomi Networks) can identify all devices on the network without sending active traffic that could disrupt industrial protocols. The output is typically a comprehensive asset inventory including device type, manufacturer, OS, firmware version, and network connectivity. This is always the first step in an OT security programme — you cannot protect what you don't know about. Kyanite Blue's Collective IP service includes OT asset discovery as part of the initial OT security assessment.

Can ransomware actually affect our production systems?

Yes — this has been demonstrated in multiple real-world incidents including Norsk Hydro (2019), Bridgestone (2022), and Clorox (2023). Ransomware operators have developed tools and techniques specifically designed to move from corporate IT into OT environments and to disrupt industrial control systems. The typical attack path is: phishing email on corporate network → lateral movement to engineering workstations → movement across the IT-OT boundary → ransomware deployment on SCADA servers, historian servers, and in some cases directly on HMIs. Network segmentation between IT and OT breaks this attack chain at the IT-OT boundary.
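The two answers above (passive asset discovery and the IT-OT boundary) can be illustrated together. This is an added example, not code from Kyanite Blue or from any of the vendors named: it builds a basic OT asset list from passively captured flow records and flags traffic that crosses the IT-OT boundary without approval. The address ranges, the approved-flow list, the sample flows and the device roles in the comments are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Widely used default TCP ports for industrial protocols.
ICS_PORTS = {102: "S7comm (ISO-TSAP)", 502: "Modbus/TCP", 4840: "OPC UA",
             20000: "DNP3", 44818: "EtherNet/IP"}

# Assumed address plan and approved boundary flows (constructed for this example).
ZONES = {"OT": ipaddress.ip_network("10.20.0.0/16"),
         "IT": ipaddress.ip_network("10.10.0.0/16")}
ALLOWED_CROSSINGS = {("10.20.1.50", "10.10.5.10", 1433)}  # historian -> IT database

# Constructed flow records (src, dst, dst_port) as exported from a SPAN port or tap.
SAMPLE_FLOWS = [
    ("10.20.1.10", "10.20.2.21", 502),    # engineering workstation -> PLC
    ("10.20.1.10", "10.20.2.22", 44818),  # engineering workstation -> PLC
    ("10.20.1.50", "10.10.5.10", 1433),   # approved historian replication
    ("10.10.7.33", "10.20.1.10", 3389),   # corporate host -> engineering workstation
    ("10.10.7.33", "10.20.2.21", 502),    # corporate host -> PLC
]

def zone(ip):
    """Return the zone name for an address, or EXTERNAL if it is in neither range."""
    addr = ipaddress.ip_address(ip)
    return next((name for name, net in ZONES.items() if addr in net), "EXTERNAL")

def build_inventory(flows):
    """List every OT address seen, with the industrial protocols it serves or uses."""
    inventory = defaultdict(lambda: {"serves": set(), "uses": set()})
    for src, dst, port in flows:
        proto = ICS_PORTS.get(port)
        for ip, role in ((dst, "serves"), (src, "uses")):
            if zone(ip) == "OT":
                entry = inventory[ip]  # record the device even without a known protocol
                if proto:
                    entry[role].add(proto)
    return dict(inventory)

def boundary_violations(flows):
    """Flows that cross between zones and are not on the approved list."""
    return [f for f in flows
            if zone(f[0]) != zone(f[1]) and f not in ALLOWED_CROSSINGS]

if __name__ == "__main__":
    for ip, roles in sorted(build_inventory(SAMPLE_FLOWS).items()):
        print(ip, roles)
    print("unapproved crossings:", boundary_violations(SAMPLE_FLOWS))
```

Nothing here sends traffic onto the production network; it only reads records that were already captured, which is the property that makes passive discovery safe for industrial protocols.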

Do we need to include our OT systems in penetration testing?

Yes, but OT penetration testing requires specialist expertise and careful scoping to avoid production disruption. An OT penetration test should typically include: passive network analysis of OT network traffic to identify vulnerabilities without active testing; external assessment of any internet-facing OT systems (which can be done safely without production impact); assessment of the IT-OT boundary controls; review of OEM remote access configurations; and in some cases, active testing of specific systems in a maintenance window. Never conduct active penetration testing of production OT systems without explicit OEM approval and a safety assessment — the consequences of disrupting a production control system can extend beyond IT to physical plant safety.
