A study by OMICRON has revealed widespread cybersecurity gaps in the operational technology (OT) networks of substations, power plants, and control centers worldwide. Drawing on data from more than 100 installations, the analysis highlights recurring technical, organizational, and functional issues that leave critical energy infrastructure vulnerable to cyber threats. The findings are based on several years of deploying OMICRON's intrusion detection system (IDS) StationGuard in protection, automation, and control (PAC) systems.
The technology, which monitors network traffic passively, has provided deep visibility into real-world OT environments. The results underscore the growing attack surface in energy systems and the challenges operators face in securing aging infrastructure and complex network architectures. This combination of passive and active techniques provided a comprehensive asset inventory across installations.
Which Technical Cybersecurity Risks Are Most Common?
OMICRON's analysis identified several recurring technical issues across energy OT networks:
Vulnerable PAC devices: Many PAC devices were found to be operating with outdated firmware containing known vulnerabilities. A notable example is the CVE-2015-5374 vulnerability, which allows a denial-of-service attack on protective relays with a single UDP packet. Although patches have been available since 2015, numerous devices remain unpatched.
The analysis of over 100 energy facilities highlights the urgent need for robust, purpose-built security solutions that are designed for the unique challenges of operational technology environments. With its deep protocol understanding and asset visibility, the StationGuard Solution provides security teams with the transparency and control needed to protect critical infrastructure.
Its signature-based detection finds known threats instantly, and its built-in allowlisting detects even minute departures from expected behavior. Utilities can identify and address threats at every layer of their substation network thanks to the system's capacity to monitor both IT and OT protocols, such as IEC 104, MMS, GOOSE, and more. With features like role-based access control, automated asset inventories, and smooth integration into current security workflows, StationGuard helps businesses increase resilience without interfering with daily operations.











