OT SECURITY INSIGHTS
Palo Alto Networks & Siemens
Executive Summary
===

A comprehensive analysis of critical vulnerabilities and security challenges in operational technology environments, providing actionable insights to protect your infrastructure against evolving cyber threats.

## The Rising Cyber Risk to Critical Infrastructure

As the convergence of information technology (IT) and operational technology (OT) accelerates, the attack surface for critical infrastructure expands, making these systems increasingly vulnerable to cyberattacks with potentially severe operational and physical consequences.

![Cyber Risk Visualization](https://www.paloaltonetworks.com/content/dam/pan/en_US/includes/igw/ot-security-insights/images/pan-ot-sec-02.svg)

**More than 1.25 million SCADA and OT devices were exposed to the internet.**

## Expanding Risks for Internet-Connected SCADA Devices

Cortex Xpanse® captured more than 4.53 million unique device fingerprints associated with OT application servers exposed to the public internet, revealing a substantial attack surface that adversaries can exploit. These systems, which control essential infrastructure, face unique threats when exposed to the public internet. Unlike traditional IT systems, cyberattacks on OT devices can have real-world, physical consequences.

![SCADA Device Risk Visualization](https://www.paloaltonetworks.com/content/dam/pan/en_US/includes/igw/ot-security-insights/images/pan-ot-sec-03.svg)

## Threats Inside OT Networks

The analysis of 51,000 OT firewalls, using Palo Alto Networks App-ID™, revealed substantial malware and exploit activity in OT networks. Mapped to the MITRE ATT&CK® Matrix for ICS, key attack tactics identified include Initial Access, Lateral Movement, and Privilege Escalation, which were frequently used to target OT systems.

![OT Firewall Analysis Visualization](https://www.paloaltonetworks.com/content/dam/pan/en_US/includes/igw/ot-security-insights/images/pan-ot-sec-slide1.svg)

Exploitation of remote services was the most common tactic in OT networks, accounting for 20% of all incidents.

![Remote Services Exploitation Visualization](https://www.paloaltonetworks.com/content/dam/pan/en_US/includes/igw/ot-security-insights/images/pan-ot-sec-slide2.svg)

Exploiting privilege escalation enables threat actors to access protected resources and functionalities within a target system or network that are otherwise restricted. This technique represents 12.3% of the top 100 exploits.

Aging vulnerabilities represent a significant trend in the OT security threat landscape.

![Privilege Escalation Visualization](https://www.paloaltonetworks.com/content/dam/pan/en_US/includes/igw/ot-security-insights/images/pan-ot-sec-slide3.svg)

The top 100 exploits targeting OT networks were dominated by aging vulnerabilities, with 88% being over 5 years old and 61% over 10 years old. This highlights the critical need for comprehensive patching strategies in OT environments.

![Aging Vulnerabilities Visualization](https://www.paloaltonetworks.com/content/dam/pan/en_US/includes/igw/ot-security-insights/images/pan-ot-sec-slide4.svg)

## Risk Factors Behind OT Vulnerabilities

**61.9%**

Analysis of the **top 100 exploits** revealed that 61.9% of exploit triggers in OT networks were linked to CVEs aged 6 to 10 years, indicating that legacy systems remain a significant vulnerability.

**82.7%**

The manufacturing sector accounted for 82.7% of internal exploit attempts, demonstrating the significant risks posed by OT systems and internal network vulnerabilities, especially through lateral movement and persistence techniques.

**80%**

While certain malware exploits such as trojans and ransomware are well-known and documented, the landscape is evolving and innovating at a high rate. Nearly 80% of detected malware in OT networks was classified as "Unknown," underscoring the growing challenge of identifying and mitigating novel or evolving threats.

## Securing Your Infrastructure

### As your attack surface expands, build a layered, resilient security framework that scales with the growth of risks.

[Dig into the Report](https://www.paloaltonetworks.com/apps/pan/public/downloadResource?pagePath=/content/pan/en_US/resources/whitepapers/ot-security-insights)

### Take an Ultimate Test Drive (UTD)

Experience our OT security solutions firsthand with a guided test drive. [Test It Now](https://www.paloaltonetworks.com/resources/test-drives.html?topic=industrial-ot-security)

### Sign up for Hands On Workshop (HoW)

Join our interactive workshop to master OT security best practices. [Get Hands On](https://register.paloaltonetworks.com/industrialotsecurity-how)

### Sign up for Free Trial

Try our comprehensive OT security platform with a no-obligation trial. [Sign Up Now](https://start.paloaltonetworks.com/industrial-ot-security-free-trial)

## Additional Resources

### Industrial OT Security

Ensure uninterrupted operation of production facilities with industrial OT cybersecurity protection that lets you focus on continued modernization. [Learn More](https://www.paloaltonetworks.com/network-security/industrial-ot-security)

### Advanced Threat Prevention

Palo Alto Networks Advanced Threat Prevention is the industry's largest malware prevention engine, stopping highly evasive threats with speed and scale. [Learn More](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention)

### Machine Learning-Next Generation Firewalls

Today's Next-Generation Firewalls provide advanced protection for physical or virtual public and private cloud networks. Learn about our ML-Powered NGFW. [Learn More](https://www.paloaltonetworks.com/network-security/next-generation-firewall)

### Prisma Access

Prisma Access protects hybrid workforces with the superior security of ZTNA 2.0 while providing exceptional user experiences from a unified, cloud-native security product. [Learn More](https://www.paloaltonetworks.com/sase/access)

### Advanced WildFire

Palo Alto Networks Advanced WildFire is the industry's largest malware prevention engine, stopping highly evasive threats with speed and scale. [Learn More](https://www.paloaltonetworks.com/network-security/advanced-wildfire)

### Cortex Xpanse

Discover and secure digital assets with Cortex Xpanse, automating attack surface management to identify, mitigate, and prevent risks across your connected systems. [Learn More](https://www.paloaltonetworks.com/cortex/cortex-xpanse)