Invisible Threats, Inevitable Attacks: Exposing the Gaps in OT Security

OT Security Expert Panel: Key Insights Into the Evolving Operational Technology Threat Landscape

Operational Technology (OT) security has never been more critical. With cyber attacks targeting industrial systems on the rise, organizations need to understand the evolving threat landscape and take proactive steps to protect their infrastructure.

This webinar brought together four OT security experts to discuss the current state of industrial cybersecurity, real-world threats, and practical solutions

Meet Our Expert Panel

Michael Rothschild from Armis moderated the discussion alongside three seasoned OT security professionals:

• Nick Graham from Raventek, who works with federal civilian organizations
• Danny Bren, CEO and co-founder of OTORIO (recently acquired by Armis), bringing years of cyber-physical systems defense experience
• Carlos Buenano, CTO of OT at Armis, a control systems engineer with six years at Armis and extensive experience across mining, manufacturing, and oil and gas industries

Today’s OT Environment is More Complex Than Ever

Modern OT environments extend far beyond traditional PLCs and DCS systems. Today’s industrial infrastructure includes:

• Robots, actuators, and manufacturing devices
• Building management systems (BMS)
• IoT and IIoT sensors & devices
• Access control systems
• SCADA systems
• IT assets in the OT environment such as HMIs

These systems were designed to run for 30 years or more, creating a complex web of new and legacy devices in an environment that was never architected with security in mind. Many of these environments only have brief maintenance windows resulting in long periods of having to live with known (and unknown) vulnerabilities.

Real-World Breaches Show the Stakes

Three major incidents that illustrate the evolution of OT security threats:

This widespread Bauxite campaign compromised over 100 water and wastewater facilities worldwide using custom malware to lock operators out of HMIs and manipulate PLCs. The operation highlighted poor OT segmentation and default credential issues in critical infrastructure.

Throughout early 2025, the threat group CARR targeted multiple U.S. OT environments (including water treatment, wastewater, and oil & gas infrastructure). They gained access to Human Machine Interfaces (HMIs) and manipulated control operations in California, Florida, Pennsylvania, Indiana, New Jersey, and Texas, causing operational disruptions and property risk in essential OT environments.

This China-linked group stealthily infiltrated U.S. critical infrastructure across energy, water, and telecom sectors, maintaining long-term access for potential future disruption. Their operations, now widely referred to as Volt Typhoon, involved “living off the land” techniques to evade detection.

Watch the Full Discussion

Check out this insightful webinar where our experts will delve into topics and provide you with actionable information including specific attack vectors currently being leveraged, how to implement risk based protection and proven practices and proven frameworks and strategies you can leverage today.Ready to dive deeper into OT security? Watch the complete on-demand webinar to hear all the expert insights and learn how to better protect your organization’s critical infrastructure.