OT security is shifting from a focus on isolating OT to protecting the edge where IT and OT converge, a view reinforced by joint research from the Palo Alto Networks OT Threat Research Lab, the Siemens Cybersecurity Lab and the Idaho National Laboratory. The study finds that internet-exposed OT assets are rising—a 332% increase between 2023 and 2024 and nearly 20 million OT-related assets observable on the public internet—yet exposure often enables earlier detection rather than disruption.
It also shows that about 70% of attacks impacting OT originate in IT environments, underscoring the need for IT–OT SOC convergence rather than a simple takeover of OT security. The findings reveal that adversaries spend extended time before impact, with 82.8% of activity occurring during precursor phases and an average dwell time of approximately 185 days prior to disruptive activity.
To operationalise this, the article advocates OT SecOps and a security maturity model aligned with IEC 62443, emphasising edge-driven detection and active defence to stop threats early.