- The impact of OT cyber incidents, excluding ransomware on IT, has been less than 1% of all cause OT outages and OT related financial loss.
- A motivated and skilled OT cyber attacker could cause a high or catastrophic incident on many OT systems in almost every sector. The potential attackers are showing increased skill level, persistence on OT, and increasingly gathering site specific process information.
“The test of a first-rate intelligence is the ability to hold two opposed ideas in the mind at the same time, and still retain the ability to function.” F. Scott Fitzgerald
Most of the OT security community threat disagreement comes from a good and fact based place. And often someone espousing one of those two points either ignores or downplays the other point. We need to dance with both of them.
It shouldn’t be hard to say 2025 (and 2024 and 2023 and …) were very good years in OT security because the impact of cyber attacks was tiny. Yea! Isn’t this what we all are working towards?
It shouldn’t be hard to say that most OT systems lack the OT security program maturity to endure an OT cyber attack by a skilled and motivated attacker. Boo! We need to do better.
The real question is what to do. I laid out how I think you approach the issue in my book: A Year In OT Security (available on Amazon or you can look at the weekly tasks at dale-peterson.com). It doesn’t give you a list of controls to implement. It gives you questions to answer, strategies and tactics and plans to develop.