- March 10, 2025
- White Paper
OT Security Insights 2024
A White Paper by Palo Alto Networks and Siemens

This whitepaper, a collaborative effort by Palo Alto Networks and Siemens, explores the escalating cybersecurity risks associated with SCADA and OT devices exposed on the public internet. As the convergence of information technology (IT) and operational technology (OT) accelerates, the attack surface for critical infrastructure expands, making these systems increasingly vulnerable to cyberattacks with potentially severe operational and physical consequences. In 2023, over 1.25 million SCADA and OT devices were found to be exposed to the internet, a significant risk that could allow cyberattacks to directly impact essential services.
The study highlights that enhanced fingerprinting techniques, introduced in March–April 2023, dramatically improved the identification of these exposed devices, particularly SCADA and building control systems. This advancement provided better visibility into the global distribution of vulnerable devices, emphasizing the need for more robust security practices in OT environments. The analysis of 51,000 OT firewalls, using Palo Alto Networks App-ID, revealed substantial malware and exploit activity in OT networks. Mapped to the MITRE ATT&CK Matrix for ICS, key attack tactics identified include Initial Access, Lateral Movement, and Privilege Escalation, which were frequently used to target OT systems.
These findings underscore how attackers gain footholds in critical infrastructure. The geographical and industry-specific analysis further showed that sectors such as manufacturing, energy, and retail are particularly at risk, with poor network segmentation and misconfigurations expanding their attack surfaces.
The whitepaper concludes that, to mitigate these risks, organizations must strengthen security controls, improve network segmentation, and implement continuous monitoring. A proactive, adaptive approach to OT security is critical to safeguarding against the growing complexity of cyberthreats targeting critical infrastructure systems.