In an era where digital transformation is accelerating across every sector, operational technology (OT) environments are no longer isolated from broader IT systems. OT, meaning the industrial control systems (ICS), supervisory control and data acquisition (SCADA) systems, distributed control systems (DCS) and similar equipment that run manufacturing lines, power grids and oil pipelines, is now increasingly interconnected with corporate networks, the cloud, and third-party vendor ecosystems. Recent events, such as the attack on a US power utility in Massachusetts by the Chinese APT Volt Typhoon, which aimed to exfiltrate sensitive OT data and maintained persistence for over 300 days, underscore the increasing sophistication and persistence of cyberthreats targeting critical infrastructure.
This increased connectivity brings numerous benefits, from predictive maintenance to remote monitoring, but it also introduces an expanded attack surface, one that cyber adversaries are increasingly targeting. Nation-state actors, ransomware gangs, and opportunistic cybercriminals are exploiting these complex environments, putting business continuity, public safety, (and most importantly) national security at risk.
Why OT Systems Are Uniquely Vulnerable
OT environments were, for the most part, not designed with cybersecurity in mind. Many industrial systems were built decades ago, long before cyberattacks on critical infrastructure were even conceivable. As a result, they have several inherent vulnerabilities:
- Legacy Systems with No Native Security:
Many OT systems rely on outdated software and hardware, often running unpatched operating systems or relying on legacy (and insecure) ICS/SCADA protocols such as Modbus or DNP3.
- Always-On Environments:
Downtime is unacceptable in manufacturing, energy, and critical infrastructure, which means applying security patches or conducting regular security maintenance is incredibly difficult — creating a backlog of unaddressed vulnerabilities.
- Flat, Open Networks:
Traditional OT networks often lack proper segmentation. Once an attacker breaches the perimeter, they can often move laterally with little resistance, accessing control systems, sensors, and machinery.
- Third-Party Dependencies:
OT systems are often maintained by external vendors who need remote access to monitor, diagnose, or update equipment. These third parties introduce significant security risk, especially if they lack proper access controls or use compromised devices to connect.
- Convergence with IT and IoT:
The boundary between IT, OT, and IoT (and its industrial counterpart, IIoT) is disappearing. This convergence exposes OT to the same types of sophisticated attacks that plague IT—ransomware, data exfiltration, and supply chain attacks—but with even higher stakes, due to the potential for physical consequences.
Compliance Pressures on Manufacturing and Critical Infrastructure
The escalating cyber risk facing OT environments isn’t just a business concern — it’s a regulatory imperative. Manufacturing and critical infrastructure sectors are subject to increasingly stringent regulations aimed at protecting industrial systems and safeguarding national interests. Frameworks such as ISA/IEC 62443, NIST 800-82, and ISO 27001 establish baseline requirements for securing industrial control systems (ICS) and broader OT environments. Meanwhile, critical infrastructure operators face mandates like NERC CIP for the electric grid, TSA directives for pipeline operators, and ongoing advisories from CISA’s Shields Up campaign — all urging rapid adoption of Zero Trust principles and enhanced security controls to counter growing threats.
In defense and national security sectors, Zero Trust requirements are codified in NIST 800-207 and DISA’s ZTNA mandates, driving adoption of identity-centric access controls and network segmentation across defense supply chains and critical OT systems. Compliance today extends beyond simple checkbox exercises; it requires building resilient, adaptive security architectures that align with evolving regulatory frameworks while defending against sophisticated cyber adversaries.
Real-World Consequences of OT Attacks
The stakes for OT security failures are high. In manufacturing, a ransomware attack can shut down production for days or weeks, costing millions in lost revenue and supply chain disruption. In critical infrastructure, the consequences are even more severe, impacting public safety and national security.
- Colonial Pipeline (2021)
A ransomware attack on the Colonial Pipeline disrupted fuel supplies across the U.S. East Coast, leading to fuel shortages and panic buying — highlighting the vulnerability of critical infrastructure to cyberattacks.
- Triton/Trisis (2017)
A sophisticated nation-state attack targeted the safety instrumented systems (SIS) of a petrochemical plant, demonstrating that cyberattacks could directly endanger human lives by manipulating physical safety controls.
- Salt Typhoon in Telecommunications
This threat group, attributed to a nation-state actor, has expanded its targeting to include U.S. defense and critical infrastructure sectors, underscoring the growing geopolitical dimension of OT-targeted cyber campaigns.
Why Third-Party Access is the Weakest Link
Manufacturing plants, oil refineries, and power stations rely heavily on third-party vendors for equipment maintenance, software updates and operational consulting. These external parties often need direct access to OT systems and, in many cases, connect remotely, using VPNs, shared credentials, or unsecured devices.
This third-party access is particularly risky for several reasons:
- Vendors often lack strong security controls on their own systems.
- Vendor credentials are frequently shared across multiple users.
- Access is rarely time-limited — vendors retain privileges long after a project ends.
- There’s little to no granular control over what vendors can see or do once inside the network.
The combination of weak perimeter defenses, lack of visibility and reliance on unsecured third-party access creates the perfect storm for attackers.
Securing OT Environments with Appgate ZTNA
To secure OT environments against these modern threats, organizations need a Zero Trust Network Access (ZTNA) approach that:
- Applies Identity- and Context-Aware Access Controls
Appgate ZTNA ensures that all access—including from third-party vendors—is dynamically governed by the user’s identity, device posture, location, and risk level. This prevents unauthorized or risky devices from connecting to OT systems.
- Limits Access to the Minimum Required Resources
Instead of broad, flat network access, vendors (and employees) only get access to the specific systems and devices they need—and nothing more. This limits the lateral movement potential for attackers.
- Cloaks OT Systems from Discovery and Scanning
Appgate ZTNA uses Single Packet Authorization (SPA) to make OT systems that are behind an Appgate Gateway invisible to unauthorized users, including attackers conducting reconnaissance.
- Implements Just-in-Time and Time-Limited Access
Appgate ZTNA can enforce time-limited access windows for third parties, automatically revoking access when the maintenance window expires and preventing standing privileges.
- Provides Full Access Auditing and Session Visibility
All access sessions, including vendor activity, are logged and auditable, ensuring organizations have a complete record of who accessed which systems, when, and for how long.
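As an added illustration (not Appgate's code, and not a description of how Appgate ZTNA implements these features), the following Python sketch puts the controls above into one flow: an HMAC-authenticated single-packet-authorization check that silently drops anything unauthenticated or replayed, then a policy decision keyed on identity, device posture, location, risk and a time-boxed maintenance window, scoped to an explicit host list, with every decision appended to an audit record. The vendor name, hosts, shared secret, window and risk scale are all constructed placeholders.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass
from typing import Optional

# Constructed vendor entitlement table (hypothetical names and hosts). Each grant
# lists exactly the OT hosts the contractor may reach, the countries it may
# connect from, the highest risk score tolerated, and the maintenance window
# (unix seconds) outside of which the grant is dead even if nobody revokes it.
ENTITLEMENTS = {
    "acme-turbine-tech": {
        "hosts": {"plc-turbine-03", "hmi-turbine-03"},
        "countries": {"US"},
        "max_risk": "medium",
        "window": (1_700_000_000, 1_700_014_400),  # a four-hour window
    },
}
RISK_ORDER = {"low": 0, "medium": 1, "high": 2}

# Per-vendor SPA secret (placeholder); a real deployment provisions keys per device.
SPA_KEYS = {"acme-turbine-tech": b"constructed-demo-secret-not-for-real-use"}
SEEN_NONCES: set = set()   # replay cache for SPA packets
AUDIT_LOG: list = []       # every policy decision, allow or deny, lands here


@dataclass
class Context:
    """Constructed request context: who asks, from what device, where, how risky, when."""
    user: str
    device_managed: bool
    device_patched: bool
    country: str
    risk: str
    now: int


def build_spa(user: str, key: bytes, now: int, nonce: str) -> bytes:
    """Client side: an HMAC-authenticated packet naming the user, a timestamp and a nonce."""
    body = json.dumps({"user": user, "ts": now, "nonce": nonce}, sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return body + b"." + tag


def verify_spa(packet: bytes, now: int, max_skew: int = 30) -> Optional[str]:
    """Gateway side: return the authenticated user, or None. A None result means the
    packet is dropped with no reply, so an unauthenticated scanner learns nothing."""
    try:
        body, tag_bytes = packet.rsplit(b".", 1)
        fields = json.loads(body)
        user, ts, nonce = fields["user"], int(fields["ts"]), str(fields["nonce"])
        tag = tag_bytes.decode("ascii")
    except (ValueError, KeyError, TypeError, UnicodeDecodeError):
        return None
    key = SPA_KEYS.get(user)
    if key is None:
        return None
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        return None                      # forged or tampered packet
    if abs(now - ts) > max_skew or nonce in SEEN_NONCES:
        return None                      # stale or replayed packet
    SEEN_NONCES.add(nonce)
    return user


def evaluate(ctx: Context, target_host: str) -> tuple:
    """Policy decision for one user/device/host request; the first failing check wins."""
    grant = ENTITLEMENTS.get(ctx.user)
    if grant is None:
        decision = (False, "no entitlement for identity")
    elif not (ctx.device_managed and ctx.device_patched):
        decision = (False, "device posture failed")
    elif ctx.country not in grant["countries"]:
        decision = (False, "location not permitted")
    elif RISK_ORDER[ctx.risk] > RISK_ORDER[grant["max_risk"]]:
        decision = (False, "risk level too high")
    elif not (grant["window"][0] <= ctx.now < grant["window"][1]):
        decision = (False, "outside maintenance window")
    elif target_host not in grant["hosts"]:
        decision = (False, "host not in entitlement")
    else:
        decision = (True, "allowed")
    AUDIT_LOG.append({"ts": ctx.now, "user": ctx.user, "host": target_host,
                      "allowed": decision[0], "reason": decision[1]})
    return decision


def request_access(packet: bytes, ctx: Context, target_host: str) -> tuple:
    """Full path: SPA first (no response without a valid packet), then policy."""
    user = verify_spa(packet, ctx.now)
    if user is None or user != ctx.user:
        return (False, "dropped: no valid SPA packet")
    return evaluate(ctx, target_host)


if __name__ == "__main__":
    now = 1_700_001_000
    ctx = Context("acme-turbine-tech", True, True, "US", "low", now)
    pkt = build_spa(ctx.user, SPA_KEYS[ctx.user], now, "nonce-demo-1")
    print(request_access(pkt, ctx, "plc-turbine-03"))   # first use of the packet
    print(request_access(pkt, ctx, "plc-turbine-03"))   # same packet again: replay, dropped
    late = Context("acme-turbine-tech", True, True, "US", "low", now + 20_000)
    print(evaluate(late, "plc-turbine-03"))             # window has expired
    for entry in AUDIT_LOG:
        print(entry)
```

Two design points carry over to any real deployment: the SPA check runs before any policy evaluation and answers nothing on failure, which is what "cloaking" means in practice, and the maintenance window is part of the grant itself rather than something an administrator has to remember to revoke, so expiry is the default and standing privilege is the exception.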
Protecting Manufacturing and Critical Infrastructure in the Era of Cyberwarfare
Manufacturing facilities, power grids, oil pipelines, and other critical infrastructure organizations face an evolving threat landscape, from ransomware gangs to state-sponsored adversaries. Protecting these environments requires moving beyond traditional perimeter security, adopting Zero Trust principles that treat every user, device and connection as inherently untrusted.
Appgate ZTNA delivers the granular access control, visibility and segmentation required to secure OT environments, with a specific focus on governing third-party vendor access—one of the most common and dangerous attack vectors.
Learn more about Appgate’s approach to secure OT environments for manufacturing. View our solutions page, and read our detailed white paper: The Next Generation of Cybersecurity for Critical Infrastructure: Securing Vital Assets with Universal ZTNA.