SecurityWeek surveys real-world ICS security tales from a cross-section of practitioners, with John Simmons of FortiGuard Incident Response recounting an Iranian-linked APT that attempted to move from IT to OT in the Middle East, using new malware and fresh infrastructure to reestablish access before finally being cut off.
Other accounts include Brian Proctor of Frenos describing a combined-cycle plant where a vulnerability scan triggered turbine shutdowns within two minutes and 11 seconds, leading to a ban on IT tools in OT. Morey Haber of BeyondTrust recalls a secure facility incident where open-source software installations led to a contractor being terminated after credentials and access were mishandled.
Kevin Paige of C1 highlights how unpatched Solaris servers and default credentials in mission-critical OT systems created a reachable attack surface, underscoring the importance of true isolation and visible networks. The collection also features Agnidipta Sarkar of ColorTokens discussing shadow IT and computer system validation (CSV) in pharma, Vivek Ponnada of Frenos pushing risk-based OT improvements, and field notes from Nozomi Networks and Zero Networks on improving OT visibility and controlling IT–OT connectivity. Written by Eduard Kovacs, the piece emphasizes that policies on paper often diverge from plant-floor realities.