
A ransomware gang from Eastern Europe compromises Colonial Pipeline—but not the pipeline itself. They hit the billing system through an inactive VPN account, using credentials purchased on the Dark Web. The pipeline's operational technology was never directly attacked.
Colonial shut down 5,500 miles of fuel infrastructure anyway.
Why? Because they couldn't be sure what else had been compromised. As one government official later noted, "Planes aren't going to start falling out of the sky." But the uncertainty was enough to trigger a shutdown that caused fuel shortages across the Eastern Seaboard.
In IT environments, a breach costs money. In operational technology environments—manufacturing plants, refineries, utilities—the stakes are different. The consequences become physical.
When Information Becomes Kinetic
Plant floors turn information into something physical and kinetic. Control valves open and close. Temperature sensors regulate chemical processes. Voltage monitors keep equipment from destroying itself.
Fudge the values on a temperature sensor by one degree Celsius, and you can throw off an entire manufacturing process. Contaminate a pharmaceutical batch. Ruin a semiconductor wafer. Produce steel that fails under load. What if an operator's hand gets taken off because a safety system received bad data?
In IT, we talk about data breaches. In OT, we're talking about physical consequences that extend far beyond financial loss. The question isn't whether your data was stolen. The question is whether someone can reach through your network and touch the real world.
The Air Gap Is Dead
For decades, industrial control systems operated on "air-gapped" networks—physically isolated from the internet and corporate IT systems. That separation was the security model: if attackers can't reach you, they can't hurt you.
That world doesn't exist anymore.
Stuxnet proved it back in 2010, breaching Iran's air-gapped nuclear centrifuges via infected USB drives. But the real killer of the air gap isn't sophisticated nation-state attacks. It's business requirements.
Modern ERPs check machinery status multiple times per second. Barcode scanners on the warehouse floor feed inventory data directly into enterprise systems. Quality sensors stream readings to cloud-based analytics platforms. If that barcode scanner can't contact the mothership, it shuts down the production line.
IT and OT convergence creates massive efficiency gains. It also creates more attack opportunities than industrial systems were ever designed to handle.
The Legacy Problem
Here's where things get worse. Plant environments can't tolerate downtime. A 24/7 continuous process facility—a refinery, a paper mill, a semiconductor fab—measures unplanned stops in millions of dollars per hour.
That creates hesitancy to update anything. The result is an antiquated backbone running protocols designed before cybersecurity was a consideration. Firmware with baked-in passwords. Default credentials like "password123" that have never been changed because changing them might break something.
Attackers know this. They exploit old protocols precisely because they know nobody's patching them. Meanwhile, security teams face a timing problem: even adding too many authentication checks can create latency issues. Microseconds add up when systems need to respond in real time, 24 hours a day.
The robber is already in the house. And the homeowner is afraid to change the locks.
Manufacturing and industrial systems have something IT environments often don't: catastrophic failure modes with no acceptable failover.
Consider a shipyard. Container sensors track position on X and Y axes, coordinating cranes that move multi-ton loads. Manipulate those readings, and you have shipping containers falling out of the sky.
The attack surface is also bi-directional. ERP systems don't just read from the plant floor—they control output. A compromised business system can send instructions downstream to operational equipment. The usual assumption that "the business network and the plant network are separate problems" falls apart when they're connected by dozens of integration points.
Add heterogeneous protocols, thin margins, and fragile legacy systems, and you have environments that are simultaneously high-value targets and poorly equipped to defend themselves.
The Clock Is Running
The numbers confirm what practitioners already know. Attacks on the industrial sector surged 70 percent in 2024. Manufacturing specifically saw an 18 percent increase.
Imagine if robberies were up 18 percent. You'd say, "Oh my God, I'm getting out of here."
But manufacturers can't get out. Their plants are where they are, running what they're running. The machinery can't be moved. The processes can't be paused. And as IT and OT continue to converge—driven by legitimate business value—the window of vulnerability widens.
This isn't technical debt that can be addressed at the next budget cycle. The convergence is accelerating. The attackers have noticed. And for organizations running critical infrastructure on industrial control systems, the question isn't if their non-human identities will become a target.
It's when.
Marshall Sorenson is a cybersecurity solutions architect at global systems integrator Myriad360. Follow him on LinkedIn.















