
Corey O'Connor, April 2, 2025, 5 minute read

The Rising Threat to OT Environments in Manufacturing and Critical Infrastructure — And How to Defend Them

Manufacturing and critical infrastructure are undergoing a rapid digital transformation, integrating operational technology (OT) with IT, IoT, and cloud systems to drive efficiency and automation. However, this convergence also expands the attack surface, exposing industrial control systems to cyber threats that can disrupt production, compromise safety, and impact national security. With ransomware gangs, nation-state actors, and insider threats increasingly targeting OT environments—often through unsecured third-party access—organizations must rethink their security approach. Implementing a Zero Trust model is no longer optional; it’s essential for protecting critical operations from modern cyber risks.

In an era where digital transformation is accelerating across every sector, operational technology (OT) environments are no longer isolated from broader IT systems. OT, which includes the industrial control systems (ICS), supervisory control and data acquisition (SCADA) systems, distributed control systems (DCS) and many others that run manufacturing lines, power grids and oil pipelines, is now increasingly interconnected with corporate networks, the cloud, and third-party vendor ecosystems. Recent events, such as the attack on a US power utility in Massachusetts by the Chinese APT Volt Typhoon, which aimed to exfiltrate sensitive OT data and maintained persistence for over 300 days, underscore the increasing sophistication and persistence of cyberthreats targeting critical infrastructure.

This increased connectivity brings numerous benefits, from predictive maintenance to remote monitoring, but it also introduces an expanded attack surface, one that cyber adversaries are increasingly targeting. Nation-state actors, ransomware gangs, and opportunistic cybercriminals are exploiting these complex environments, putting business continuity, public safety and, most importantly, national security at risk.

Why OT Systems Are Uniquely Vulnerable

OT environments were largely not designed with cybersecurity in mind. Many industrial systems were built decades ago, long before cyberattacks on critical infrastructure were even conceivable. As a result, they have several inherent vulnerabilities:

  • Legacy Systems with No Native Security:
    Many OT systems rely on outdated software and hardware, often running unpatched operating systems or relying on legacy (and insecure) protocols such as Modbus or DNP3 for ICS/SCADA systems.
  • Always-On Environments:
    Downtime is unacceptable in manufacturing, energy, and critical infrastructure, which means applying security patches or conducting regular security maintenance is incredibly difficult — creating a backlog of unaddressed vulnerabilities.
  • Flat, Open Networks:
    Traditional OT networks often lack proper segmentation. Once an attacker breaches the perimeter, they can often move laterally with little resistance, accessing control systems, sensors, and machinery.
  • Third-Party Dependencies:
    OT systems are often maintained by external vendors who need remote access to monitor, diagnose, or update equipment. These third parties introduce significant security risk, especially if they lack proper access controls or use compromised devices to connect.
  • Convergence with IT and IoT:
    The boundary between IT, OT, and IoT (and its industrial counterpart, IIoT) is disappearing. This convergence exposes OT to the same types of sophisticated attacks that plague IT—ransomware, data exfiltration, and supply chain attacks—but with even higher stakes, due to the potential for physical consequences.

Compliance Pressures on Manufacturing and Critical Infrastructure

The escalating cyber risk facing OT environments isn’t just a business concern — it’s a regulatory imperative. Manufacturing and critical infrastructure sectors are subject to increasingly stringent regulations aimed at protecting industrial systems and safeguarding national interests. Frameworks such as ISA/IEC 62443, NIST 800-82, and ISO 27001 establish baseline requirements for securing industrial control systems (ICS) and broader OT environments. Meanwhile, critical infrastructure operators face mandates like NERC CIP for the electric grid, TSA directives for pipeline operators, and ongoing advisories from CISA’s Shields Up campaign — all urging rapid adoption of Zero Trust principles and enhanced security controls to counter growing threats.

In defense and national security sectors, Zero Trust requirements are codified in NIST 800-207 and DISA’s ZTNA mandates, driving adoption of identity-centric access controls and network segmentation across defense supply chains and critical OT systems. Compliance today extends beyond simple checkbox exercises; it requires building resilient, adaptive security architectures that align with evolving regulatory frameworks while defending against sophisticated cyber adversaries.

Real-World Consequences of OT Attacks

The stakes for OT security failures are high. In manufacturing, a ransomware attack can shut down production for days or weeks, costing millions in lost revenue and supply chain disruption. In critical infrastructure, the consequences are even more severe, impacting public safety and national security.

  • Colonial Pipeline (2021)
    A ransomware attack on the Colonial Pipeline disrupted fuel supplies across the U.S. East Coast, leading to fuel shortages and panic buying — highlighting the vulnerability of critical infrastructure to cyberattacks.
  • Triton/Trisis (2017)
    A sophisticated nation-state attack targeted the safety instrumented systems (SIS) of a petrochemical plant, demonstrating that cyberattacks could directly endanger human lives by manipulating physical safety controls.
  • Salt Typhoon in Telecommunications
    This threat group, attributed to a nation-state actor, has expanded its targeting to include U.S. defense and critical infrastructure sectors, underscoring the growing geopolitical dimension of OT-targeted cyber campaigns.

Why Third-Party Access is the Weakest Link

Manufacturing plants, oil refineries, and power stations rely heavily on third-party vendors for equipment maintenance, software updates and operational consulting. These external parties often need direct access to OT systems and, in many cases, connect remotely, using VPNs, shared credentials, or unsecured devices.

This third-party access is particularly risky for several reasons:

  • Vendors often lack strong security controls on their own systems.
  • Vendor credentials are frequently shared across multiple users.
  • Access is rarely time-limited — vendors retain privileges long after a project ends.
  • There’s little to no granular control over what vendors can see or do once inside the network.

The combination of weak perimeter defenses, lack of visibility and reliance on unsecured third-party access creates the perfect storm for attackers.

Securing OT Environments with Appgate ZTNA

To secure OT environments against these modern threats, organizations need a Zero Trust Network Access (ZTNA) approach that:

  • Applies Identity- and Context-Aware Access Controls
    Appgate ZTNA ensures that all access—including from third-party vendors—is dynamically governed by the user’s identity, device posture, location, and risk level. This prevents unauthorized or risky devices from connecting to OT systems.
  • Limits Access to the Minimum Required Resources
    Instead of broad, flat network access, vendors (and employees) only get access to the specific systems and devices they need—and nothing more. This limits the lateral movement potential for attackers.
  • Cloaks OT Systems from Discovery and Scanning
    Appgate ZTNA uses Single Packet Authorization (SPA) to make OT systems that are behind an Appgate Gateway invisible to unauthorized users, including attackers conducting reconnaissance.
  • Implements Just-in-Time and Time-Limited Access
    Appgate ZTNA can enforce time-limited access windows for third parties, automatically revoking access when the maintenance window expires and preventing standing privileges.
  • Provides Full Access Auditing and Session Visibility
    All access sessions, including vendor activity, are logged and auditable, ensuring organizations have a complete record of who accessed which systems, when, and for how long.
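The four third-party weaknesses listed earlier (shared credentials, standing privileges, no granular control, unmanaged devices) map directly onto the controls above. The following is an added illustration, not Appgate's code or API: a minimal default-deny policy evaluator in which every vendor grant names one account, an explicit resource allowlist and a maintenance window, every request carries a device posture result, and every decision is written to an audit trail. All principals, resources and times are constructed sample data.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

@dataclass(frozen=True)
class Grant:
    """One just-in-time grant: a named vendor account, an explicit resource
    allowlist, and a maintenance window after which the grant is void."""
    principal: str
    resources: frozenset
    not_before: datetime
    not_after: datetime

@dataclass(frozen=True)
class Request:
    principal: str
    resource: str
    device_compliant: bool   # posture verdict reported by the connecting client
    at: datetime

AUDIT = []   # in-memory audit trail for this example; production ships this to a SIEM

def evaluate(grants, req):
    """Default-deny evaluation: returns (allowed, reason) and records the decision."""
    reason = "no_grant_for_principal"
    for g in (g for g in grants if g.principal == req.principal):
        if not (g.not_before <= req.at < g.not_after):
            reason = "outside_maintenance_window"
        elif req.resource not in g.resources:
            reason = "resource_not_in_grant"
        elif not req.device_compliant:
            reason = "device_posture_failed"
        else:
            reason = "allowed"
            break
    AUDIT.append({"who": req.principal, "what": req.resource,
                  "when": req.at.isoformat(), "decision": reason})
    return reason == "allowed", reason

# Constructed sample: one vendor technician gets a two-hour window on exactly one PLC.
T0 = datetime(2025, 4, 2, 9, 0, tzinfo=timezone.utc)
GRANTS = [Grant("vendor-acme-tech1", frozenset({"plc-line3"}), T0, T0 + timedelta(hours=2))]

def decide(resource, minutes_after_t0, compliant=True, who="vendor-acme-tech1"):
    """Wrapper used by the walkthrough: who asks for what, how long after the window opens."""
    return evaluate(GRANTS, Request(who, resource, compliant, T0 + timedelta(minutes=minutes_after_t0)))

if __name__ == "__main__":
    print(decide("plc-line3", 30))                      # in window, allowlisted, compliant -> allowed
    print(decide("hmi-line3", 30))                      # reach for a second system -> denied
    print(decide("plc-line3", 30, False))               # non-compliant device -> denied
    print(decide("plc-line3", 150))                     # window expired, no standing privilege -> denied
    print(decide("plc-line3", 30, who="shared-vendor")) # unnamed shared account -> denied
    print(AUDIT[-1])                                    # who, what, when, and the decision
```

Each denial carries the reason it failed, so the audit record answers the "who accessed which systems, when, and for how long" question even for attempts that never reached the OT asset.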

Protecting Manufacturing and Critical Infrastructure in the Era of Cyberwarfare

Manufacturing facilities, power grids, oil pipelines, and other critical infrastructure organizations face an evolving threat landscape, from ransomware gangs to state-sponsored adversaries. Protecting these environments requires moving beyond traditional perimeter security, adopting Zero Trust principles that treat every user, device and connection as inherently untrusted.

Appgate ZTNA delivers the granular access control, visibility and segmentation required to secure OT environments, with a specific focus on governing third-party vendor access—one of the most common and dangerous attack vectors.

Learn more about Appgate’s approach to secure OT environments for manufacturing. View our solutions page, and read our detailed white paper: The Next Generation of Cybersecurity for Critical Infrastructure: Securing Vital Assets with Universal ZTNA.
