惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

A
About on SuperTechFans
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
T
Tenable Blog
WordPress大学
WordPress大学
小众软件
小众软件
Y
Y Combinator Blog
酷 壳 – CoolShell
酷 壳 – CoolShell
博客园 - 聂微东
大猫的无限游戏
大猫的无限游戏
T
The Exploit Database - CXSecurity.com
Attack and Defense Labs
Attack and Defense Labs
Simon Willison's Weblog
Simon Willison's Weblog
C
CXSECURITY Database RSS Feed - CXSecurity.com
量子位
有赞技术团队
有赞技术团队
C
Cisco Blogs
D
Darknet – Hacking Tools, Hacker News & Cyber Security
F
Fortinet All Blogs
S
Schneier on Security
Engineering at Meta
Engineering at Meta
Microsoft Azure Blog
Microsoft Azure Blog
Martin Fowler
Martin Fowler
Recent Announcements
Recent Announcements
Stack Overflow Blog
Stack Overflow Blog
Recent Commits to openclaw:main
Recent Commits to openclaw:main
阮一峰的网络日志
阮一峰的网络日志
G
GRAHAM CLULEY
Spread Privacy
Spread Privacy
F
Full Disclosure
Scott Helme
Scott Helme
GbyAI
GbyAI
N
Netflix TechBlog - Medium
MyScale Blog
MyScale Blog
Cloudbric
Cloudbric
云风的 BLOG
云风的 BLOG
L
LangChain Blog
aimingoo的专栏
aimingoo的专栏
Hacker News - Newest:
Hacker News - Newest: "LLM"
Security Latest
Security Latest
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
MongoDB | Blog
MongoDB | Blog
The GitHub Blog
The GitHub Blog
The Register - Security
The Register - Security
L
Lohrmann on Cybersecurity
PCI Perspectives
PCI Perspectives
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
D
Docker
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
S
Secure Thoughts
C
Check Point Blog

WeLiveSecurity

Recovery scammers hit you when you’re down: Here’s how to avoid a ‘second strike’ As breakout time accelerates, prevention-first cybersecurity takes center stage Digital assets after death: Managing risks to your loved one’s digital estate This month in security with Tony Anscombe – March 2026 edition RSAC 2026 wrap-up – Week in security with Tony Anscombe A cunning predator: How Silver Fox preys on Japanese firms this tax season Virtual machines, virtually everywhere – but not all protected Cloud workload security: Mind the gaps Move fast and save things: A quick guide to recovering a hacked account EDR killers explained: Beyond the drivers Face value: What it takes to fool facial recognition Cyber fallout from the Iran war: What to have on your radar Sednit reloaded: Back in the trenches What cybersecurity actually does for your business How SMBs use threat research and MDR to build a defensive edge Protecting education: How MDR can tip the balance in favor of schools This month in security with Tony Anscombe – February 2026 edition Mobile app permissions (still) matter more than you may think Faking it on the phone: How to tell if a voice call is AI or not PromptSpy ushers in the era of Android threats using GenAI Is Poshmark safe? How to buy and sell without getting scammed Is it OK to let your children post selfies online? Naming and shaming: How ransomware groups tighten the screws on victims Taxing times: Top IRS scams to look out for in 2026 OfferUp scammers are out in force: Here’s what you should know A slippery slope: Beware of Winter Olympics scams and other cyberthreats This month in security with Tony Anscombe – January 2026 edition DynoWiper update: Technical analysis and attribution Love? Actually: Fake dating app used as lure in targeted spyware campaign in Pakistan Drowning in spam or scam emails lately? Here’s why ESET Research: Sandworm behind cyberattack on Poland’s power grid in late 2025 Children and chatbots: What parents should know Common Apple Pay scams, and how to stay safe Old habits die hard: 2025’s most common passwords were as predictable as ever Why LinkedIn is a hunting ground for threat actors – and how to protect yourself Is it time for internet services to adopt identity verification? Your information is on the dark web. What happens next? Credential stuffing: What it is and how to protect yourself This month in security with Tony Anscombe – December 2025 edition A brush with online fraud: What are brushing scams and how do I stay safe? Revisiting CVE‑2025‑50165: A critical flaw in Windows Imaging Component LongNosedGoblin tries to sniff out governmental affairs in Southeast Asia and Japan ESET Threat Report H2 2025 Black Hat Europe 2025: Was that device designed to be on the internet at all? Black Hat Europe 2025: Reputation is currency – even in the ransomware economy Locks, SOCs and a cat in a box: What Schrödinger can teach us about cybersecurity Seeking symmetry during ATT&CK® season: How to harness today’s diverse analyst and tester landscape to paint a security masterpiece The biggest catch: How whaling attacks target top executives Phishing, privileges and passwords: Why identity is critical to improving cybersecurity posture MuddyWater: Snakes by the riverbank Oversharing is not caring: What’s at stake if your employees post too much online This month in security with Tony Anscombe – November 2025 edition What parents should know to protect their children from doxxing Influencers in the crosshairs: How cybercriminals are targeting content creators MDR is the answer – now, what’s the question? The OSINT playbook: Find your weak spots before attackers do PlushDaemon compromises network devices for adversary-in-the-middle attacks What if your romantic AI chatbot can’t keep a secret? Can password managers get hacked? Here’s what to know Why shadow AI could be your biggest security blind spot In memoriam: David Harley The who, where, and how of APT attacks in Q2 2025–Q3 2025 ESET APT Activity Report Q2 2025–Q3 2025 Sharing is scaring: The WhatsApp screen-sharing scam you didn’t see coming How social engineering really works | Unlocked 403 cybersecurity podcast (S2E6) Ground zero: 5 things to do after discovering a cyberattack This month in security with Tony Anscombe – October 2025 edition Fraud prevention: How to help older family members avoid scams Cybersecurity Awareness Month 2025: When seeing isn't believing Recruitment red flags: Can you spot a spy posing as a job seeker? How MDR can give MSPs the edge in a competitive market Cybersecurity Awareness Month 2025: Cyber risk thrives in the shadows Gotta fly: Lazarus targets the UAV sector SnakeStealer: How it preys on personal data – and how to stay safe Cybersecurity Awareness Month 2025: Building resilience against ransomware Minecraft mods: When ‘hacking’ your game becomes a security risk IT service desks: The security blind spot that may put your business at risk Cybersecurity Awareness Month 2025: Why software patching matters more than ever AI-aided malvertising: How chatbots can help spread scams How Uber seems to know where you are – even with restricted location permissions Cybersecurity Awareness Month 2025: Passwords alone are not enough The case for cybersecurity: Why successful businesses are built on protection Beware of threats lurking in booby-trapped PDF files Manufacturing under fire: Strengthening cyber-defenses amid surging threats New spyware campaigns target privacy-conscious Android users in the UAE Cybersecurity Awareness Month 2025: Knowledge is power This month in security with Tony Anscombe – September 2025 edition Roblox executors: It’s all fun and games until someone gets hacked DeceptiveDevelopment: From primitive crypto theft to sophisticated AI-based deception Watch out for SVG files booby-trapped with malware Gamaredon X Turla collab Small business, big risk: How SMBs can fight back against ransomware HybridPetya: A Petya/NotPetya copycat comes with a twist Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass Are cybercriminals hacking your systems – or just logging in? Preventing business disruption and building cyber-resilience with MDR Under lock and key: Safeguarding business data with encryption GhostRedirector poisons Windows servers: Backdoors with a side of Potatoes This month in security with Tony Anscombe – August 2025 edition Don’t let “back to school” become “back to bullying”
Cybersecurity for the long haul: Protecting legacy OT systems
Tomáš Foltýn · 2026-06-17 · via WeLiveSecurity

Critical Infrastructure

Protecting legacy OT systems against modern cyberthreats

Many manufacturing plants depend on OT systems that stay in service for many years. That long run can hide significant cybersecurity risks.

17 Jun 2026  •  , 5 min. read

Protecting legacy OT systems against modern cyberthreats

In a manufacturing plant built around uptime, a machine that has run the same physical process for years with barely a hiccup earns something less commonly discussed than a track record of throughput: institutional trust. Over time, such quiet reliability has a way of making a certain kind of scrutiny feel unnecessary, to the point that the equipment might become a security blind spot.

For a long time, there was a logic to 'leaving well enough alone.' Much of the operational technology (OT) in manufacturing was designed to keep the physical process stable, and once the production line worked, the sensible move was to keep the equipment in good shape so that it could continue to do its job.

Over the years, however, the ground beneath the machine has shifted, and the equipment least amenable to change now often needs the most protection around it. Many manufacturing environments today face burning questions, including: who can touch the equipment from the network, how vulnerable are the systems that the machines depend on, and has the old bargain – don’t touch it if it works – become part of the risk?

Aging out?

Two or three decades ago, few in manufacturing lost sleep over internet-borne attacks. The threat either didn’t exist or was confined to a handful of nation-state targets. The fact that the industrial protocols had no security baked in didn’t matter much – the machines were isolated from IT and nothing untrusted could reach them. They simply worked, and there wasn’t a compelling reason to touch them.

Until there was. The ‘marriage’ of IT and OT, a hallmark of digitization and Industry 4.0, changed the equation as industrial control systems (ICS) were connected to networks that those systems were never designed for. Of course, connecting production systems to enterprise networks delivers tangible benefits, but the security implications – that systems once safe were suddenly no longer so – arrived more quietly. The various security shortcomings – including weak authentication, limited logging, insecure defaults, and update processes that may require costly downtimes – suddenly became liabilities.

According to the SANS Institute, almost 60% of OT attacks across various industries are believed to stem from compromises in corporate IT environments. Furthermore, the institute's recent survey found that 22% of organizations in essential industries reported a cybersecurity incident over the past year, with 40% of the events causing operational disruption and nearly 20% taking over a month to remediate.

The severity of the threat ultimately revealed itself with damaging cyberattacks, such as the one that hit Jaguar Land Rover in 2025 and is now thought to be the most damaging cyberattack in British history. Additionally, since supply chains run on tight schedules and little-to-no tolerance for error, halting a supplier with just-in-time delivery commitments spawns a full-blown production crisis that engulfs a long list of other companies.

The cost of touching a running line

Interrupting a running production line to upgrade infrastructure with no obvious operational problems is generally a hard sell. The assets are too deeply embedded in the physical process; indeed, they’re often trapped in what the world’s top cybersecurity agencies aptly call ‘self-established obsolescence.’

Meanwhile, ransomware gangs that started paying serious attention to manufacturing found an attack surface that had been expanding for years without corresponding security investments. Causing damage that impacts an operational environment is also different from a pure IT breach. Ransomware operators, some of whom are developing dedicated OT capabilities, understand this math and calibrate their demands accordingly. Sometimes, infiltrating enterprise IT and letting the dependencies do the rest is enough.

To be sure, the business equation is shifting, albeit often from the outside in. Supplier contracts increasingly contain security-related provisions while cyber-insurers require evidence of security controls, to the point that organizations that can’t provide it have to swallow steep premiums or are left without coverage. Regulatory requirements are also tightening across a number of jurisdictions; for example, NIS2 imposes stricter cybersecurity requirements for Europe’s critical industries while the broad regulatory environment in the US also mandates specific actions that drive security maturity in critical industries.

Top cyberthreats up close

Few security vendors have been as close to threats facing critical infrastructure as ESET. Over the years, its threat research team has peered inside some of the most significant incidents on record – including BlackEnergy that triggered a 4–6 hour power outage for 230,000 people in Ukraine in 2015, its successor, GreyEnergy, and Industroyer, the highly customizable malware that speaks several industrial communication protocols used in critical infrastructure systems worldwide and caused a blackout in Kyiv in 2016. In 2022, ESET researchers also identified Industroyer2, which took aim at Ukraine’s energy infrastructure again. In addition, ESET’s analysis of NotPetya documented how an attack with no specific OT target can still devastate organizations running operational technology at scale, including manufacturers.

(Re)building security around your critical equipment

Naturally, you can’t protect what you can’t see, and proper asset visibility remains the foundation of any self-respecting risk mitigation strategy. Start by mapping which systems in an environment are connected and have no security coverage, where IT and OT networks intersect, which segments are unmonitored, and which production systems have fallen outside any vendor support agreement. Given the complexity of cyber-physical systems, there clearly isn’t any one-size-fits-all approach to asset inventory and other tasks.

Actual deployment architecture also needs to be resolved early. Whether by design or due to customer contracts, regulatory obligations or other reasons, some manufacturing environments operate under air-gap requirements. Security platforms built primarily around cloud connectivity may not, therefore, fit the requirements or the budget.

eset-private-insutrial-security

Meanwhile, off-the-peg security tools often don’t efficiently meet the enterprise requirements in legacy OT systems that run on older hardware and outdated operating system versions. The tools need to be stable and unobtrusive enough to run on constrained systems without affecting production. Network protection, for its part, earns its keep on equipment that can’t run any security agent at all, which in most manufacturing environments is by no means an edge case.

Long-term support addresses what the other layers can’t fully close. When an ICS vendor ends development on a platform version, updates eventually stop. The production systems running that version continue to operate for years, accumulating exposure to more threats. Support commitments that outlast the original vendor's support window are the cybersecurity equivalent of signing a long-term parts agreement for a car discontinued years ago. The machine stays ‘roadworthy.’

Built to run for years

Manufacturing has a long history of engineering its way out of crises. It’s also learned a number of hard lessons, including that ignoring a known problem tends to shift – and often multiply – the cost attached to it. The cyberthreat to OT infrastructure is now well-documented, and the tools to tackle it exist. In this industry, this should be enough to get things moving – and, ultimately, build cyber-resilience into the industry’s operations.


Let us keep you
up to date

Sign up for our newsletters