I get tired of writing that 90%+ of the OT protocols used to communicate with PLCs and other Level 1 devices (and Level 0 … hello Joe) are insecure by design. They lack cryptographic authentication of the source or contents, intentionally. They were designed to work this way. Any person or device with network access to these Level 1 devices can send a properly formatted control or management command, and it will be accepted.

To be fair, an attacker can only affect the integrity of the physical process to the degree of what’s possible with the existing I/O. A denial of service or attack on PLC availability is trivial and can be achieved in multiple ways: change IP address, tell the process to stop, load corrupted firmware, …

This problem has been known since the beginning of OT security, and we shined as bright a light on it as we could with Project Basecamp at S4 in 2012. Even to the point of providing Metasploit modules to demonstrate the insecure by design issue.

Time passes, year by year, with minimal progress on this foundational issue. There have been secure, authenticated versions of some OT protocols such as Modbus, DNP3, CIP and others. Vendors have made these available and reported that a tiny percentage of greenfield projects choose to deploy the secure version. OPC UA and MQTT have security, if you go to the trouble of deploying a certificate architecture. In 2025, most sectors are still primarily communicating to Level 1 with unauthenticated protocols. And there seems to be little effort to change this.
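What "unauthenticated" means on the wire, shown with classic Modbus/TCP as an added example (not from the original post): the parser returns every field the frame carries, and a monitoring-side check flags state-changing function codes from hosts off a write allowlist. The IP addresses, the allowlist and the sample frames are constructed assumptions.

```python
import struct

# Modbus function codes that change device state (public Modbus specification).
WRITE_FUNCTIONS = {5: "Write Single Coil", 6: "Write Single Register",
                   15: "Write Multiple Coils", 16: "Write Multiple Registers"}

# Hypothetical allowlist: the only hosts expected to send writes to Level 1.
AUTHORIZED_WRITERS = {"10.0.1.10"}

def parse_modbus_tcp(payload: bytes) -> dict:
    """Parse one Modbus/TCP ADU. These are all the fields the frame has;
    none of them identifies or authenticates the sender."""
    if len(payload) < 8:
        raise ValueError("too short for MBAP header plus function code")
    tid, pid, length, unit = struct.unpack(">HHHB", payload[:7])
    if pid != 0:
        raise ValueError("protocol id is not 0, not Modbus")
    if length != len(payload) - 6:
        raise ValueError("MBAP length does not match payload size")
    return {"transaction": tid, "unit": unit,
            "function": payload[7], "data": payload[8:]}

def review(src_ip: str, payload: bytes):
    """Return an alert string for a suspicious frame, or None if it passes."""
    try:
        adu = parse_modbus_tcp(payload)
    except ValueError as exc:
        return f"ALERT {src_ip}: malformed Modbus frame ({exc})"
    name = WRITE_FUNCTIONS.get(adu["function"])
    if name and src_ip not in AUTHORIZED_WRITERS:
        return (f"ALERT {src_ip}: {name} to unit {adu['unit']} "
                "from host not on write allowlist")
    return None

# Constructed sample frames (not captured traffic).
WRITE_COIL = bytes.fromhex("000100000006" "01" "05" "0000ff00")
READ_REGS = bytes.fromhex("000200000006" "01" "03" "0000000a")

if __name__ == "__main__":
    for src, frame in [("10.0.1.10", WRITE_COIL), ("10.0.9.77", WRITE_COIL),
                       ("10.0.9.77", READ_REGS), ("10.0.9.77", WRITE_COIL[:5])]:
        print(src, frame.hex(), "->", review(src, frame) or "ok")
```

The write frame is byte-identical from both hosts; the only thing the check can key on is the source IP, which is network position rather than authentication of the sender or the contents.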

If OT security infrastructure were a city, it would be Venice. The foundation is weak, almost nonexistent. There is no realistic short-, medium- or long-term effort to strengthen it. It just needs to hold on and hope the water doesn’t come in and take it out.

And yet there are beautiful and desirable things being built on this insecure by design, fragile security foundation. Robust monitoring and detection systems. Segmentation with SDN. Very granular and secure remote access. Virtualization and orchestration for recovery. The problem is that if the water, or the attacker, can get to that fragile foundation, those beautiful things will be worth little and lost.

Image Attribution: kallerna, CC BY-SA 4.0, via Wikimedia Commons