What We Do

    Protect and safeguard your OT network and operations with the industry's most advanced, most capable cybersecurity platform.

    Learn More

      Mission Secure Platform Overview

      Learn More


        Keep your organization secure against cyber threats and take control of your OT network.

        View All Industries

          A Comprehensive Guide to Maritime Cybersecurity

          Learn More


            Find helpful OT and ICS cybersecurity resources, guides, and downloads.

            View All Resources

              eBook: A Comprehensive Guide to OT Cybersecurity

              Read More

                About Us

                Our team of world-class OT, IT, and cybersecurity experts are setting the standard in OT cyber-protection.

                Learn More

                  Cyber Risk: From a Hacker's Point of View

                  Listen Now
                    1 Min Read

                    Cyber Attacks: Assume They’re Already in the OT

                    Written by Paul Robertson

                    Cyber Attacks: Assume They’re Already in the OT featured image

                    The day has come - the adage of “assume they’re already in and will stay in” applies to not only IT networks, but OT networks as well.

                    Not all intruders go straight to a visible attack. High-level intruders exploit vulnerabilities, then set up conditions to maintain a state of compromise, especially in the event there is a detection. We call this persistence. Once an attacker has persistence, they are free to disrupt operations at a time of their choosing. While we would obviously rather stop the intrusion, we must also be prepared to maintain operations or quickly restore operations if an attacker is successful. Many facilities and pieces of equipment are physically remote, which is an advantage in terms of access to a physical attack, but a disadvantage in terms of being able to cost-effectively manage and monitor it.

                    Production Operational Technology (OT) networks were designed and built to run production processes with many built before Internet connections were a normal every-day occurrence. As such, protections were built around life and process safety, not computer and network security. Because of this, securing these systems is a bolt-on after-the-fact exercise, and after what may be years of focus elsewhere, with electronic “cyber” vulnerabilities the safest assumption to make is to work from the position that the equipment and networks are already compromised.

                    If your defenses, future plans, processes and procedures all assume that attackers have already been somewhat successful, then protections emplaced will be resilient against not only new attacks, but existent problems as well. This means your operational processes are more likely to remain unaffected by an attack or error than if you take the traditional approach of perimeter hardening alone.

                    In the Ukraine power grid event in December 2015, one of the lessons learned was the malware toolkit was embedded in several of the process control networks — as in resident and undetected. We’ve seen supply-chain firmware attacks on customers Programmable Logic Controllers (PLCs) that were detected after system installation. If we start with the premise of a compromised environment, we can engineer robust protections and detections that allow the best chance of both detecting problems and stopping malice.

                    While we must also deal with difficult updates, long maintenance cycles, short staffing, minimal budgets and an emerging hostile set of attackers learning more about OT networks and equipment, it’s in your best interest to “assume they’re already in and will stay in.”


                    Interested in learning more? Send us a message.