The U.S. government is alerting energy firms, water providers, and manufacturing businesses about an increasing threat from state-backed hackers. Researchers found that some older industrial control systems can be accessed directly without having to log in first. The U.S. warned on April 7 that Iranian-linked hackers are going after programmable logic controllers (PLCs).

PLCs are used to automate important industrial systems such as water and wastewater treatment plants and energy generation facilities. Liz Martin, senior director of threat hunting at Dragos, a company that provides OT cybersecurity services, says that directly targeting exposed industrial devices is no longer just a theory.

Jeff Macre, the main OT security solutions architect at Darktrace, an AI cybersecurity platform, says, "IT-to-OT lateral movement is still a common route in many incidents, but direct exposure is still one of the most avoidable sources of OT risk." Companies need to check their systems from the inside and the outside to find devices that are weak. Only 10% of industrial IoT networks around the world can be seen and monitored.

Dragos's "2026 OT Cybersecurity Year in Review" report says that a lack of visibility made it hard to find problems in almost half of architecture reviews (46%) and most tabletop exercises (88%). "The biggest and most important gaps are: not enough segmentation, weak credentials on privileged accounts, limited operational technology telemetry, and a lack of ICS-aware monitoring," says Dragos's Martin.

He says, "These conditions don't show up on an external scan, but they are exactly what enemies use to get past the perimeter." "We need to make sure we can find and deal with threats before they happen," he says. Martin says, "This means we need to be able to find, respond to, and act on strange things before they happen."