Connect with us

Hi, what are you looking for?



OT Maintenance Is Primary Source of OT Security Incidents: Report

A new ICS security report from TXOne Networks says many OT security incidents involved ransomware and vulnerability exploitation. 

A recent report from TXOne Networks, a Taiwan-based cybersecurity firm focusing on operational technology (OT), looks at OT security incidents and their sources, as well as the preparedness of organizations against attacks. 

The report is based on a combination of data from a survey of over 400 CIOs conducted in September 2023 by Frost & Sullivan, and data collected by TXOne itself from more than 500 incidents that occurred last year in North America, Europe and the APAC region. The survey respondents represented organizations in the United States, Germany, Japan and the United Arab Emirates (UAE), with roughly 100 respondents from each country. 

The survey found that 46% of organizations had dealt with an OT security incident in the previous 12 months. Of these incidents, 47% involved ransomware — the percentage was higher in the US and UAE, exceeding 50%, and the lowest was in Germany.

TXOne last year tracked 317 ransomware attacks in North America and 124 in Europe against companies that have OT systems. The government facilities, manufacturing and healthcare sectors were the most targeted. While these attacks were mainly aimed at IT systems, OT environments were also affected in 97% of cases. 

The top three types of OT security incidents reported by respondents also included exploitation of vulnerabilities and malware infiltration. 

In the case of vulnerability exploitation, TXOne told SecurityWeek that organizations with OT systems are often aware of flaws being exploited in their environments, but they are unable to address the problem.

“Some legacy systems are no longer in their warranty periods; however, for technical or business concerns, those assets cannot be updated with the latest operating systems. For example, the existing apps on those assets often will not have any compatible versions with the latest, safer operating systems,” the cybersecurity firm explained. 

While industrial organizations are often targeted in ransomware attacks, the survey showed that 76% are very or extremely concerned by attacks launched by state-sponsored threat actors. One perfect example are the recent US water sector hacks attributed to threat actors affiliated with the Iranian government. 

When asked about the source of OT security incidents, the survey respondents most often named OT maintenance (52%). 

Advertisement. Scroll to continue reading.

OT maintenance, TXOne clarified, includes updating software or firmware on assets, installing new applications, and reconfiguring settings. These activities can be done in-house by engineers or through third-party maintenance. 

“A typical situation is when an asset goes into maintenance and it’s disconnected from other services, maintenance staff would install/copy something from that asset. That’s the point that the malware can enter the system, mostly through removable storage media,” the cybersecurity firm told SecurityWeek

The report also looks into IT-OT convergence risks, cybersecurity complexity and maturity, OT/ICS cybersecurity management and investment, compliance, and regulations. The full report is available in PDF format on TXOne’s website. 

Related: Ransomware Attacks on Industrial Orgs Increasingly Impact OT Systems: Survey

Related: Weapons Systems Provide Valuable Lessons for ICS/OT Security

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.


The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders.


People on the Move

Data security startup Reco adds Merritt Baer as CISO

Chris Pashley has been named CISO at Advanced Research Projects Agency for Health (ARPA-H).

Satellite cybersecurity company SpiderOak has named Kip Gering as its new Chief Revenue Officer.

More People On The Move

Expert Insights