r/OTSecurity

OT cybersecurity is becoming one of the biggest risks in industrial environments right now.

Most plants still rely on legacy PLCs, unmanaged remote access, flat networks, and outdated systems that were never designed for internet connectivity. But now everything is connected: SCADA, sensors, vendors, cloud dashboards, and attackers know it.

The biggest issue I keep seeing is that many companies still apply traditional IT security methods directly into OT environments, which can sometimes disrupt operations more than protect them.

Interesting to see companies like Shieldworkz focusing specifically on OT-aware security instead of generic IT cybersecurity.

What do you think is the biggest OT security gap today: remote access, asset visibility, or legacy infrastructure?

u/shubham1213 — 4 days ago

Real life IoT OTA Updates attacks

Has anyone witnessed a real-life OTA update cyber threat before? There are a lot of research papers out there that discuss the security of OTA updates and why we can't just use SSL for secure communication. Some people are using separate encryption algorithms for the firmware (AES, RSA) besides the secure communication part, and some people are even using steganography, but as far as I know we haven't had a real OTA attack until now.

u/That-Name-8963 — 3 days ago

Device identity for IoT — anyone actually deploying secure elements at scale, or is everyone still using flash-stored keys?

Looking at the gap between "best practice" and "what people actually ship" for IoT device identity.

Best practice says: every device gets a unique private key, generated inside a secure element (ATECC608, OPTIGA Trust M, SE050, etc.), never extractable, used for mutual TLS to the cloud and for signing telemetry.

What I see in actual products (teardowns, leaked firmware, CVE reports): keys in flash, often shared across a product line, sometimes hardcoded in the binary. Even from companies that should know better.

For people who've shipped IoT products at any scale, what's the actual barrier?

  • BOM cost? (608B is ~$0.60 in volume, hard to argue against)
  • Provisioning complexity? (this seems like the real answer — getting unique keys into millions of devices on a contract manufacturing line is genuinely hard)
  • Just nobody asking for it until after a breach?

Curious whether anyone's using the pre-provisioned variants (TrustFLEX, TrustCustom) and whether that actually solves the provisioning problem or just moves it.

u/DistinctTradition200 — 4 days ago

I did my IC32 and IC33 for OT

I am from a CS and cybersec background; currently most of my work revolves around breach attack simulations.
I picked up an interest in OT, hence did these certifications. I have barely 2 years of experience.
Kindly guide me to shift towards an OT career path, as the breach attack simulation type of projects have become extremely repetitive.

u/Alternative_War_7761 — 5 days ago

Where to buy ISA 62443-1-2, 1-3, 1-4, 2-5

Hello,

I need your help finding where I can buy the ISA 62443-1-2, 1-3, 1-4, 2-5 standards. I know some of these are in draft, but in some cases with other standards, drafts are available for sale.

Any idea? I have searched all over the Internet and I couldn't find them; even isa.org doesn't sell them.

Thank you!

u/watch_question44 — 6 days ago
▲ 114 r/OTSecurity+2 crossposts

Russian Hacks of Polish Water Utilities Shows How Hybrid Warfare Uses Fear as Weapon

Water is one of the most relied-upon of all vital services—and yet one of the most poorly cyber-defended critical sectors, way behind power or telecom. That combination makes it a great target for hackers. My story for OT.Today features input from the incomparable Josh Corman.

ot.today
u/WatermanReports — 9 days ago

The Gentlemen breach is honestly one of the more interesting ransomware stories this year.

The leak exposed something most people overlook:
modern ransomware operations rely heavily on reputation management.

Not joking.

Groups like this build entire brands around:

  • “professional negotiations”
  • “guaranteed deletion”
  • “controlled extortion”

But once internal data leaks, that image falls apart instantly.

Read a pretty solid OT-security analysis from Shieldworkz on this earlier and one thing stood out:
manufacturing keeps appearing at the center of these campaigns because cyber incidents there immediately become operational crises.

At this point, ransomware isn’t just an IT issue anymore.
It’s becoming an industrial continuity problem.

u/shubham1213 — 10 days ago

Path

First-year Telecom Engineering student targeting OT/ICS cybersecurity. Pursuing Security+ → GICSP path. Looking for advice on building a strong foundation before graduation. Any guidance appreciated.

u/Waelkp — 14 days ago

Opportunities for freshers

I'm an electrical engineering student, and our college has a lab with top-notch equipment, a worldwide reputation, and many CVEs. I am hoping to work as a researcher or intern there in the topic of OT security research. I've been learning and enjoying it for months, and now I was just wondering if firms like Claroty, Dragos, Schneider Electric, and Siemens really hire freshers and whether there are relevant opportunities in this industry. Since I don't notice many employment and internship postings, I would like to know the extent of this sector and whether remote jobs are available. I would like guidance and opinions.

u/SUNSHALLRISEAGAIN — 11 days ago

Navigating into OT security

I’ve been an Instrumentation and Controls Technician for about 8.5 years now. I’m looking to make the jump into OT/ICS cybersecurity and would appreciate any tips. I’ve been seeking out any and all trainings available, and I’m scheduled for the level 1 of ISA 62243 in a few weeks.

Currently working on an AS in computer science, then planning to transfer to a BS in cybersecurity. I have 10 classes left for the AS, and then 16 for the BS.

u/Professional_Fun_182 — 13 days ago