As the World Economic Forum reported earlier this year, more than 600 residential buildings in Ukraine lost heating after being attacked by malware known as FrostyGoop. This came as experts became aware of PIPEDREAM, which World Economic Forum author Robert M. Lee described as “the first ICS malware with the ability to scale attacks across systems and sectors.” Both FrostyGoop and PIPEDREAM solidified what was already increasingly apparent – OT and ICS systems are now on the frontline of cybersecurity warfare.
While geopolitics and international escalations are a major factor in the cyberattack landscape, other elements are also increasing the vulnerability of OT and ICS systems. A significant contributor is that OT is no longer separated from the rest of the enterprise network as it once was. This means that attacks on OT are no longer limited to “elite attackers,” as Kevin Townsend at Security Week explained. To address these changes, the approach to OT and ICS cybersecurity has had to evolve accordingly.
The Rise of OT Cybersecurity Commandments
The need for OT cybersecurity started bubbling in the 1990s with demand-driven supply chains, but it really became a reality in 2007 with DHS’s Project Aurora. In response to this growing need, the Purdue Model was adopted. The Purdue Model came with what were labeled commandments. But as OT cybersecurity defenses and attacks have become more sophisticated, the commandments haven’t necessarily kept up. Of them, though, there is one that remains relevant.
According to Rafael Maman at Sygnia: “Out of the Four Commandments in the by-then-obsolete Purdue Bible, only the first one – promoting network segregation & segmentation – will survive; albeit further nuanced to cover a true and complete segmentation (rather than a Perimeter Security based merely on IT/OT separation), and somewhat downgraded from being the core methodology to a very important best-practice.”
The Introduction of New OT Cybersecurity Frameworks
Along with the commandment of network segregation and segmentation, other frameworks have been developed to better address the evolving OT cybersecurity space. For instance, the SANS Institute established the “five critical controls” for OT Cybersecurity, which consist of developing an incident response plan, building a defensible architecture, gaining network visibility and monitoring, using secure remote access, and conducting risk-based vulnerability management. “Software Defined Networking in the OT space offers an excellent way to simplify network management while enabling microsegmentation and significantly enhancing OT cybersecurity,” says Jeff Smith, CTO of Dynics.
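The “true and complete segmentation” that Maman contrasts with plain IT/OT perimeter separation, and the microsegmentation Smith mentions, can be made concrete with a small rule-set audit. The following is an added example written for this article; it is not code from the article’s author, SANS, Sygnia or Dynics. The Purdue-style zone names, the rule format, the two sample policies and the checks themselves are constructed assumptions, and the audit looks at each allow rule on its own without modelling first-match ordering.

```python
"""Toy audit of an OT firewall rule set: perimeter-only IT/OT separation
versus zone-and-conduit segmentation.

Added example for this article, not code from the article's author or
from any vendor named in it. Zone names, rules and checks are
constructed assumptions for illustration.
"""
from dataclasses import dataclass

# Purdue-style zones used by the constructed rule sets (assumed names).
OT_ZONES = {"L3_site_ops", "L2_supervisory", "L1_control"}
ENTERPRISE = "L4_enterprise"
ANY = "any"


@dataclass(frozen=True)
class Rule:
    src: str        # source zone
    dst: str        # destination zone
    service: str    # e.g. "tcp/502" (Modbus), "tcp/44818" (EtherNet/IP) or "any"
    action: str     # "allow" or "deny"


def audit(rules):
    """Return findings for allow rules that undermine segmentation.

    Each allow rule is judged independently; deny rules are ignored.
    """
    findings = []
    for r in rules:
        if r.action != "allow":
            continue
        # Flat network: an any -> any allow means no segmentation at all
        # behind the IT/OT boundary.
        if r.src == ANY and r.dst == ANY:
            findings.append(f"flat network: {r}")
            continue
        # Perimeter-only thinking: enterprise traffic admitted into an OT
        # zone with no service restriction.
        if r.src == ENTERPRISE and r.dst in OT_ZONES and r.service == ANY:
            findings.append(f"broad IT->OT conduit: {r}")
        # A conduit into the control layer must name its protocol;
        # "any" lets arbitrary traffic reach PLCs.
        elif r.dst == "L1_control" and r.service == ANY:
            findings.append(f"unrestricted access to control zone: {r}")
        # Wildcard source into any OT zone.
        elif r.src == ANY and r.dst in OT_ZONES:
            findings.append(f"wildcard source into OT: {r}")
    return findings


# Constructed "perimeter-only" policy: one firewall between IT and OT,
# and a flat network behind it.
PERIMETER_ONLY = [
    Rule(ENTERPRISE, "L3_site_ops", ANY, "allow"),   # vendor remote access
    Rule(ANY, ANY, ANY, "allow"),                    # no rules inside OT
]

# Constructed zone-and-conduit policy: every allowed flow names both
# zones and the service it carries, with default deny at the end.
SEGMENTED = [
    Rule("L3_site_ops", "L2_supervisory", "tcp/44818", "allow"),  # HMI <-> SCADA
    Rule("L2_supervisory", "L1_control", "tcp/502", "allow"),     # SCADA -> PLC (Modbus)
    Rule(ENTERPRISE, "L3_site_ops", "tcp/443", "allow"),          # historian web view
    Rule(ANY, ANY, ANY, "deny"),                                   # default deny
]


if __name__ == "__main__":
    for name, policy in (("perimeter-only", PERIMETER_ONLY), ("segmented", SEGMENTED)):
        print(f"{name}: {len(audit(policy))} finding(s)")
        for f in audit(policy):
            print("  -", f)
```

Run as a script, the perimeter-only policy produces two findings (a broad IT-to-OT conduit and a flat network), while the segmented policy produces none. The point of the checks is the one Maman makes: a single IT/OT boundary is a best practice, not a segmentation strategy; the policy only holds up when each zone-to-zone conduit is explicit and service-specific.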
As OT and ICS cybersecurity approaches shift to meet today’s demands, we’re also seeing shifts in budgets. “Cybersecurity budgets across operational technology (OT) infrastructure are firmly moving toward long-term strategy, resilience, and regulatory readiness rather than merely patching legacy systems and purchasing tools,” writes Anna Ribeiro at Industrial Cyber.
When you put all of this together, you get the next phase in the OT and ICS cybersecurity evolution, which is defined by enhanced financial backing and a focus on proactive, segmented strategies.
Sources:
- “Why using IT cybersecurity to protect OT puts industrial organizations at risk” – Robert M. Lee, World Economic Forum
https://www.weforum.org/stories/2025/01/cybersecurity-protect-ot-industrial-organizations-risk-it/
- “Cyber Insights 2025: OT Security” – Kevin Townsend, Security Week
https://www.securityweek.com/cyber-insights-2025-ot-security/
- “The Future of OT Security” – Rafael Maman, Sygnia
https://www.sygnia.co/blog/the-future-of-ot-security/
- “OT cybersecurity budgets shift toward strategy and resilience to meet rising threats, compliance demands” – Anna Ribeiro, Industrial Cyber