Building Effective Security Operations for Converged OT and IT in Critical Infrastructure
In 2026, escalating geopolitical conflicts are fueling state-sponsored cyberattacks on converged IT and OT systems, threatening to disrupt critical infrastructure and cause billions in economic damage worldwide.
Key takeaways
- State-aligned hackers positioned themselves in critical infrastructure networks throughout 2025, exploiting IT-OT convergence to steal operational data and prepare for disruptive strikes.
- Ransomware attacks on manufacturing and utilities surged in 2025, with costs averaging $250,000 per incident, highlighting the financial and operational stakes of unsecured converged environments.
- Regulatory pressures, including CISA's December 2025 AI integration guidance, clash with legacy system vulnerabilities, creating trade-offs between innovation and security that leave sectors exposed.
Escalating Cyber Risks
The convergence of Information Technology (IT) and Operational Technology (OT) in critical infrastructure has accelerated amid digital transformation. This integration boosts efficiency in sectors like manufacturing, energy, and transportation. But it also erases traditional barriers, allowing IT-based threats to infiltrate OT systems that control physical processes. Recent surveys, such as the 2025 SANS State of ICS/OT Security, show improved threat detection, yet visibility gaps persist.
Geopolitical shifts have intensified these risks. Nation-state actors, including China-linked groups such as VOLTZITE, compromised utilities and telecoms in 2025. They built relay networks and exfiltrated OT diagrams. This pre-positioning enables rapid escalation during conflicts. Meanwhile, ransomware evolved toward OT-aware capabilities, halting production at firms like Jaguar Land Rover and Nucor Corp. A Norwegian dam attack in 2025 exposed password risks, underscoring how minor flaws can cascade.
Economic impacts are stark. The World Economic Forum's 2026 Outlook notes 64% of organizations factor in geopolitically motivated attacks. Disruptions cost businesses nearly $250,000 on average, per UK data. Global cybercrime costs are projected to reach $13.82 trillion by 2028. For critical sectors, breaches mean not just financial loss but supply chain halts, safety hazards, and environmental damage. Legacy OT systems, often decades old, resist patching without downtime, amplifying exposure.
Less obvious tensions arise between stakeholders. Manufacturers push for Industry 5.0 connectivity, which overlaps with Industry 4.0 and expands attack surfaces. Yet attackers focus on IT entry points, exploiting low-hanging fruit. Regulatory bodies like the Cybersecurity and Infrastructure Security Agency (CISA) issued AI-OT guidance in late 2025, warning of model drift risks. This creates trade-offs: AI enhances defenses but introduces new failure modes. Supply chain concentration adds fragility: a single provider breach can ripple globally, as seen in 2025 airport disruptions.
Counterarguments exist. Some experts note fewer ICS/OT attacks than expected, possibly due to unprofitable models for cybercriminals. But this overlooks nation-state motives beyond ransom. Proactive measures, like unified governance and segmentation, show promise in top performers. Still, 65% of large firms cite third-party vulnerabilities as their top challenge, up from 54% in 2025.
Sources
- https://www.paloaltonetworks.com/blog/2025/12/strategic-imperative-ot-it-convergence
- https://nexusconnect.io/articles/5-trends-driving-ot-security-in-2026-from-state-sponsored-attacks-to-ai-powered-threats
- https://iot-analytics.com/ot-cybersecurity-trends-ai-it-ot-convergence
- https://www.cybersecuritydive.com/news/cyber-trends-outlook-2026/810708
- https://www.rockwellautomation.com/en-us/company/news/blogs/cybersecurity-trends-2025.html
- https://reports.weforum.org/docs/WEF_Global_Cybersecurity_Outlook_2026.pdf
- https://www.securityweek.com/cyber-insights-2026-the-ongoing-fight-to-secure-industrial-control-systems
- https://www.nozominetworks.com/blog/in-2026-ai-powered-cybersecurity-for-ot-iot-is-table-stakes
- https://www.pwc.com/gx/en/issues/cybersecurity/geopolitical-shifts-amplify-ot-risks.html
- https://www.cybersecuritydive.com/news/manufacturing-sector-cyber-threats-collaboration-ransomware/810930