Tech Achieve Media (Q & A) Pritam Shah, Inspira Enterprise

Email Interview

Interview by: Tech Achieve Media https://techachievemedia.com/
Interviewee: Pritam Shah | Global Practice Head – OT Security and Data Security, Inspira Enterprise

Ans: There are several factors contributing to the sharp increase in OT security prioritization across critical infrastructure in India. Systems deployed across airports, healthcare institutions, pharmaceutical facilities, and manufacturing environments are prime targets for cyberattacks, as threat actors are well aware that much of this infrastructure relies on legacy technologies. Today, with stricter government regulatory mandates such as specific guidelines for IT/OT security from the Central Electricity Authority and other regulatory bodies, the demand for OT security is increasing. A significant rise in cyberattacks targeting critical infrastructure is also driven by geopolitical tensions and cross-border conflicts India has with some of its neighbors, and the systems have to be kept secure. Large-scale digitization of OT environments is gaining traction, and threat profiles are shifting from traditional cyberespionage to description-oriented attacks, which are now prevalent and are driving the growth of OT security.

Ans: A fundamental difference between IT and OT security is the priority. In IT security, confidentiality is primary, integrity comes second, followed by availability with lesser priority to downtime of the systems. However, in OT security, availability takes precedence and is far more critical than confidentiality or integrity. Manufacturing can plan more downtime with the IT systems than with the OT systems, as the latter directly correlate with the revenues. Standard IT practices like rebooting, patching, or aggressive scanning are not implemented in OT, as they will impact revenue generation due to system shutdown. There is a common misconception within the manufacturing workforce that OT environments are fully air-gapped from IT systems, which is no longer true. Additionally, a significant protocol gap exists, with IT relying on secure communication protocols and OT often operating on less secure ones. This fundamental difference makes the two environments inherently distinct, and traditional IT strategies do not translate effectively into OT settings.

Ans: Cyberattacks targeting ICS and SCADA systems have evolved dramatically over the last two decades, both in technical sophistication and real-world impact. Earlier, both these systems were air-gapped, and attacks were few, with threats from malware through USB devices being observed. However, the rise in IT-OT convergence and the connectivity through the internet exposed ICS to broader attack surfaces. Today, the attacks are more targeted, impacting supply chains and infrastructure. Real-world impact includes multiple attacks on the Ukraine power grid last year, leading to outages. Similarly, Jaguar Land Rover shut down UK production lines for over 10 days to protect the IT systems from damage. With the growing adoption of web-based SCADA systems, the attack surface has expanded, making them easier targets for threat actors. This includes potential compromises of service provider infrastructure, which can result in widespread disruptions. Attacks continue to evolve, where protocol-level attacks, SQL injections, and cloud-based attacks are getting more sophisticated, with technical IT systems failing to detect them. ICS/SCADA cyberattacks have evolved from low-impact IT spillover to highly targeted and destructive cyber-physical operations.

Ans: There are two ways we look at AI enabling in the OT environment – Cybersecurity for AI and AI for Cybersecurity. On the defense side, the gains are very substantial because AI-enabled security operations can lead to about 90% of rationalizations of alerts that come through. Identifying false positives from the generated alerts of the OT systems can reduce alert fatigue of analysts. At Inspira, we have AI-powered operations where 80% to 90% of these false alerts are eliminated, enabling analysts to focus on real incidents and not waste time on false positives and repetitive alerts. Furthermore, today's anomaly detection devices inherently come with AI algorithms embedded, which have far better detection capabilities compared to the ones used in the past. Inspira’s AI-driven ASM models help ensure that no organizational devices are publicly exposed, safeguarding digital assets and strengthening overall security. At the same time, AI-driven attacks are rapidly evolving and cannot be overlooked, particularly given the low barriers to entry for exploiting OT environments, especially when systems are publicly exposed.

Ans: First and foremost, organizations should prioritize visibility of all OT assets, data, networks, and protocols that are being used, because only what is known and visible can be protected. Architectural separation is a critical consideration within OT environments, ensuring that systems with similar risk profiles are grouped into distinct zones, and that data flows between logical and physical layers are tightly controlled. Integrating OT risks into the broader enterprise risk management strategy is equally important and should not be overlooked. Implementing a Zero Trust architecture in OT environments, supported by well-defined policies and procedures, can significantly strengthen an organization’s security posture. Additionally, a robust incident response and recovery framework is essential to effectively address potential attacks on OT systems, and embedding security by design enhances the resilience of OT infrastructure.

Managing data flow from OT to IT, for analytics, AI model training, or digital twins, is equally critical, particularly with real-time data in play. With IT–OT convergence, traditional air gaps are no longer viable, making secure, well-governed workflow automation essential.

Ans: The first gap that is observed in OT security implementation is the governance gap, where OT sits in a fragmented regulatory space, and the adoption differs very widely across sectors, although many end users are implementing global standards. Many facilities prioritize physical resilience and operational continuity while giving limited attention to identity controls, command verification of what is being sent to PLCs, and the monitoring of engineering actions, such as changes in program and configuration. The second challenge is the visibility gap, as most Indian manufacturing sites do not have a comprehensive inventory of all the assets that are present in their environment. Significant skill gaps persist within OT environments, including cultural, technical, cybersecurity, and AI-related challenges, and addressing them requires a clear mindset shift at the leadership level. Many organizations prioritize quick wins to boost production with minimal changes, often without fully understanding the potential risks, including exposure to exploitation by competitors or threat actors through techniques such as prompt engineering. Conducting rigorous, OT-specific tabletop incident response exercises is equally critical. Moreover, investment in OT security must be on par with IT, and organizations in India need to move beyond the outdated assumption that OT and IT systems remain air-gapped in today’s highly interconnected landscape.
