In recent years, manufacturers have undergone massive digital modernization, integrating operational technology (OT) systems with information technology (IT) networks to support digital transformation, secure remote workers, and enable real-time data sharing. While this interconnectedness brings great efficiency and innovation, it has also introduced significant security risks.
This IT/OT convergence gives malicious actors easier access to previously air-gapped OT environments and exposes legacy systems to modern threats.
Attackers are increasingly leveraging IT/OT convergence to their advantage. For example, it has become common for attackers to leverage social engineering techniques to exploit weaknesses in a company’s own or third-party IT infrastructure and then gain access to operational technology systems.
These types of breaches can significantly disrupt a company’s physical production and distribution capabilities, often for weeks at a time.
As attackers refine their tactics and techniques, OT security is more crucial than ever. Fortinet’s 2025 State of Operational Technology and Cybersecurity Report highlights that OT security is increasingly being prioritized at the executive level, with CISOs now directly responsible for OT security in over half of surveyed organizations. However, it comes with many challenges. OT environments often include legacy technology that is decades old and was deployed long before cybersecurity was a consideration.
Attackers are also increasingly leveraging artificial intelligence (AI) to automate and scale their campaigns targeting OT and critical infrastructure, which adds further complexities. The good news is that manufacturers can also leverage the technology to effectively safeguard their operations and improve their security posture.
AI and machine learning technology can help organizations analyze vast volumes of data across their infrastructure in real-time to uncover possible known and novel threats within their environments. As organizations continue to grapple with the ongoing cyber skills shortage, agentic AI security solutions enable efficient and faster anomaly detection within the security operations center (SOC).
In addition to harnessing the power of AI for their security, there are several other mechanisms that manufacturers should also consider to amplify their security controls.
- Establish Visibility and Controls. You cannot protect what you cannot see. Manufacturers must first gain full visibility into their OT assets. Once visibility is established, organizations then need to protect critical devices and ones that may be vulnerable, which requires protective compensating controls that are designed for sensitive OT devices. Capabilities such as protocol-aware network policies, system-to-system interaction analysis, and endpoint monitoring can detect and prevent compromise of vulnerable assets.
- Deploy Network Segmentation. To effectively protect OT environments, manufacturers must implement strong network policy controls at all access points and create network zones or segments. Various standards such as ISA/IEC 62443 specifically call for segmentation to enforce controls between OT and IT networks and between OT systems.
- Integrate OT into SecOps and Incident Response. OT systems must be explicitly included in security operations and response plans. This means developing OT-specific playbooks, training cross-functional teams, and ensuring executive awareness of the unique risks and consequences of OT breaches.
- Adopt a Platform-Based Security Architecture. Many manufacturers rely on a patchwork of security tools that create blind spots and inefficiencies. A unified platform approach can consolidate vendors, improve visibility, and enable faster, automated responses to threats across IT and OT.
- Use OT-Specific Threat Intelligence. Generic threat feeds often miss the nuances of industrial environments. Manufacturers should invest in threat intelligence that includes OT-specific indicators and AI-powered analytics to detect emerging risks in real time.
The convergence of IT and OT is inevitable and so are the corresponding risks. By embracing AI, and OT-specific best practices, manufacturers can build a more secure, resilient future. The time to act is now, before the next breach disrupts production or critical infrastructure.
