A recent study by OMICRON analysing data from more than 100 energy installations has revealed widespread OT cybersecurity gaps across substations, power plants and control centres worldwide. The findings come from years of deploying StationGuard, OMICRON’s intrusion detection system, in protection, automation and control systems, which passively monitors network traffic to reveal security and operational weaknesses.
The report highlights technical issues such as unpatched PAC devices, insecure external connections, weak network segmentation and incomplete asset inventories, with some security flaws identified within the first 30 minutes of connecting to a network. It also notes organisational challenges, including unclear IT–OT responsibilities, limited OT security personnel and resource constraints, and a trend towards IT and OT convergence that outpaces security measures.
In addition to technical risks, external connections exceeding 50 persistent connections and VLAN tagging inconsistencies in GOOSE messages were observed, while passive and active asset discovery using IEC 61850-6 files and MMS queries helped build more complete inventories. According to OMICRON, StationGuard monitors IT and OT protocols such as IEC 104 and MMS to improve threat detection and asset visibility.