OpenAI and Anthropic LLMs Used in Critical Infrastructure Cyber-Attack, Warns Dragos
Commercial AI models were used to help plan and conduct cyber-attack against operational technology of a water and drainage facility, say researchers
Operational Technology controls physical processes, so cyber risks can disrupt safety, reliability, and availability across connected industrial systems.
Search across headline titles and summaries.
Background for this topic.
Operational technology (OT) comprises hardware and software that monitor and control physical processes—such as PLCs, RTUs, HMIs, SCADA, and DCS—in manufacturing, utilities, transport, and buildings. Its assets include controllers, sensors, actuators, engineering workstations, and the networks linking them. OT depends on precise timing, reliable communications, and safe states; outages or incorrect commands can stop production or affect physical safety, even when little sensitive data is involved.
Security concerns arise where OT connects to enterprise networks, vendor remote-access paths, or internet-facing services. Legacy protocols and long-lived devices may lack authentication, encryption, logging, or practical patching options. A compromise could alter setpoints, inhibit alarms, or disrupt availability, but impact depends on process design and safeguards. Defenders typically segment control networks, restrict and monitor remote access, maintain asset and dependency inventories, use passive monitoring where active scanning is risky, and test recovery and safe manual operation. Vulnerability management must account for maintenance windows, vendor support, and safety validation rather than treating every patch like IT.
Weekly headline count for the current query.
Commercial AI models were used to help plan and conduct cyber-attack against operational technology of a water and drainage facility, say researchers
A new CISA‑led guide explains how zero‑trust security can be applied to operational technology, balancing cyber defence with safety and system availability
ZionSiphon malware targets OT water systems with sabotage and ICS scanning capabilities
CISA has revealed Iranian attacks causing disruption and financial loss at US critical infrastructure firms
E2e-assure says 80% of critical infrastructure providers could face millions in downtime from cyber-attacks
CISA, NCSC and the FBI have released a new security guide to enhance protection for OT environments
ServiceNow is set to acquire Armis for $7.75bn in a cash-only deal expected to close in the second half of 2026
Pro-Russia hacktivist groups have been observed exploiting exposed virtual network computing connections to breach OT systems
Cybersecurity agencies have issued guidance for securely integrating AI into OT systems
The Five Eyes countries, Germany and the Netherlands are launching a standard for managing OT security
Germany, the Netherlands and four of the Five Eyes countries share a common asset inventory for industrial cybersecurity
Cyber incidents targeting OT in US critical infrastructure have prompted renewed federal action
Volt Typhoon's ten-month intrusion of Littleton Electric Light and Water Departments exposes vulnerabilities in the US electric grid
New SANS Institute research finds that 50% of global organizations were hit by an OT security incident in the past year
Telstra found that 75% of cyber incidents impacting manufacturing firms originated from the targeting of IT systems connected to OT environments
A joint government advisory has set out steps critical infrastructure firms should take to ensure any OT products they purchase are secure by design
IOCONTROL, a custom-built IoT/OT malware, was used by Iran-affiliated groups to attack Israel- and US-based OT/IoT devices, according to Claroty
The utilities sector saw a 42% surge in ransomware incidents over the past year, with groups like Play focusing on targets with IT and OT systems
The ACSC, in collaboration with CISA and international partners, has released a guide for securing operational technology in critical sectors
Excessive use of remote access tools is leaving operational technology devices vulnerable, with even basic security features missing