OT SECURITY INSIGHTS

Palo Alto Networks & Siemens
Executive Summary

A comprehensive analysis of critical vulnerabilities and security challenges in operational technology environments, providing actionable insights to protect your infrastructure against evolving cyber threats.


The Rising Cyber Risk to Critical Infrastructure

As the convergence of information technology (IT) and operational technology (OT) accelerates, the attack surface for critical infrastructure expands, making these systems increasingly vulnerable to cyberattacks with potentially severe operational and physical consequences.

More than 1.25 million SCADA and OT devices were exposed to the internet.

Expanding Risks for Internet-Connected SCADA Devices

Cortex Xpanse® captured more than 4.53 million unique device fingerprints associated with OT application servers exposed to the public internet, revealing a substantial attack surface that adversaries can exploit.

These systems control essential infrastructure and face unique threats when exposed to the public internet. Unlike attacks on traditional IT systems, cyberattacks on OT devices can have real-world, physical consequences.


Threats Inside OT Networks

An analysis of 51,000 OT firewalls, using Palo Alto Networks App-ID, revealed substantial malware and exploit activity in OT networks. Mapped to the MITRE ATT&CK® Matrix for ICS, the key tactics identified include Initial Access, Lateral Movement, and Privilege Escalation, all of which were frequently used to target OT systems.


Exploitation of remote services was the most common tactic in OT networks, accounting for 20% of all incidents.


Privilege escalation enables threat actors to access protected resources and functionality within a target system or network that would otherwise be restricted. This technique accounts for 12.3% of the top 100 exploits.

Aging vulnerabilities represent a significant trend in the OT security threat landscape.


The top 100 exploits targeting OT networks were dominated by aging vulnerabilities: 88% were more than 5 years old and 61% more than 10 years old. This highlights the critical need for comprehensive patching strategies in OT environments.


Risk Factors Behind OT Vulnerabilities

61.9%
Analysis of the top 100 exploits revealed that 61.9% of exploit triggers in OT networks were linked to CVEs aged 6 to 10 years, indicating that legacy systems remain a significant vulnerability.
82.7%
The manufacturing sector accounted for 82.7% of internal exploit attempts, underscoring the risk that internal network vulnerabilities pose to OT systems, especially through lateral movement and persistence techniques.
80%
While certain malware families such as trojans and ransomware are well known and documented, the malware landscape is evolving rapidly. Nearly 80% of malware detected in OT networks was classified as "Unknown," underscoring the growing challenge of identifying and mitigating novel or evolving threats.