Hacking the Real World: Protecting Operational Technology from Cyber Threats

In the 1995 cult classic film Hackers, a group of cyber rebels wreak havoc by infiltrating systems that control physical objects like robotic arms and building lights. While it made for an entertaining Hollywood storyline, the reality is that cyber attacks on operational technology (OT) – the machines and systems that run the world around us – pose serious risks in the real world.

Mike Holcomb has been fascinated by this intersection of cyber and physical systems from an early age. As a self-described “computer geek” who grew up around traditional hackers, he was always wondering what malicious actors could do with that kind of access. Movies like WarGames, along with the Stuxnet worm that damaged Iranian nuclear centrifuges, furthered his interest in securing industrial control systems and other OT environments.

“Anytime we move things in the real world, that’s OT,” explains Holcomb. “If I have a power plant, I’m moving a generator to create electricity. If I’m running a subway system, I’m moving trains with people on them.” Cyber attacks that disrupt these operations can have devastating consequences – from production downtime and revenue losses, to threats to public safety.

The now infamous Colonial Pipeline ransomware attack demonstrated the risks. When the IT network housing the pipeline’s back-office systems got infected, it ended up impacting OT assets and forcing a multi-day shutdown – despite the two networks being separate. “If your IT network burns down from ransomware, then your OT network is out,” says Holcomb. “You’re down, you’re not producing, and your company is losing money.”

Protecting OT starts with securing the IT environment and strictly limiting communication paths between the two networks. But there are unique challenges too, like antiquated protocols and proprietary systems designed with little thought for cybersecurity. Holcomb advocates continuously learning and leveraging AI tools like ChatGPT to develop simple, practical defensive solutions tailored to each OT environment’s risks.

For those interested in an OT cybersecurity career, Holcomb’s advice is to first build a strong IT security foundation with training and certifications like Security+. His free ebooks offer 10-step programs both for IT professionals looking to transition into OT and for OT engineers aiming to upskill into cybersecurity. He also publishes a newsletter called “Guarding the Gears” and creates video courses breaking down OT concepts.

While cyber attacks on infrastructure grab headlines, Holcomb sees his role as an educator and “translator” – taking the wisdom of OT veterans and making it accessible to anyone wanting to join this essential field. “If one person reads my post or comes to a class, that’s one person I’m helping,” he says. With such attacks increasing, the world needs more “OT security champions” keeping our physical systems safe.
