When IT Security Breaks OT: The Cybersecurity Crisis Shutting Down Industry
In recent years, Operational Technology (OT) cybersecurity has become one of the most pressing challenges in industrial environments. With the introduction of the NIS2 Directive, a European cybersecurity framework, and the Dutch Cybersecurity Act (Cbw), CEOs are now made accountable for OT security risks. Panic sets in. Seeking risk mitigation, many CEOs delegate this responsibility to the IT department, a move that often leads to unintended consequences.
Legacy systems, modern threats: The hidden risks inside OT
Modern threats like ransomware, supply chain attacks, and insider threats now infiltrate OT systems. Unlike traditional IT systems, OT environments often run on legacy systems that cannot be easily patched or upgraded. One striking example is the infamous Stuxnet incident: sophisticated malware that entered critical infrastructure not via internet connections, but through infected USB sticks and engineers’ laptops. That same threat vector remains alive today. In recent years, similar attacks have entered OT networks through software updates, vendor access, and remote maintenance tools.
The biggest challenge is that OT systems were never designed with cybersecurity in mind. Their goal is uptime and continuity, not defense. As a result, IT-like responses, such as forced patching or excessive monitoring, often result in downtime, broken processes, and operational chaos.
Why IT security tools fail in the OT world
The cybersecurity industry is undergoing a shift. We’re seeing a surge in IT-based tools, such as antivirus, log servers, and asset discovery platforms, being forcefully deployed in OT environments. However, these tools are not always suitable for legacy systems. Some crash legacy devices; others generate floods of alerts that no one understands or acts upon.
At the same time, there’s a growing realization that cyber hygiene, not monitoring, should be the foundation in OT. Threats don’t just walk in through internet-connected firewalls. More often, they slip in through USB ports, remote engineer sessions, maintenance laptops, or misconfiguration of the IT/OT firewall. Yet many OT environments lack basic segmentation, enforce no USB policies, and rarely track vendor access. These are gaps that attackers exploit repeatedly.
Don’t break the process: The MODELEC way to smart OT security
MODELEC’s approach to OT cybersecurity is shaped by one core principle: Don’t break the process. We focus on practical, low-complexity solutions that reduce workload and avoid disrupting industrial continuity. Prevention starts with strong hygiene: controlling remote access, managing engineering laptops, and isolating legacy systems with virtual patching technologies.
Detection should not mean full network scans or constant active probing, especially not on fragile systems like those running Windows XP SP2. Instead, passive monitoring and anomaly detection tailored to OT protocols are critical. And response must always be driven by OT specialists who understand the operational consequences of any security action.
We don’t believe in copy-pasting IT practices into OT. For example, while IT focuses on use cases and alert triage, in OT we focus on impact to the process. A firewall rule that stops remote PLC access may sound great in a SOC, but if it blocks a maintenance engineer mid-operation, it could trigger a plant shutdown.
Bridging the gap: Why events like Cybersec Netherlands are vital for OT security
Events like Cybersec Netherlands are essential for advancing OT cybersecurity. They foster in-person knowledge sharing between IT and OT professionals, a critical step in breaking the silos that often cause misaligned security strategies. Past events have helped establish best practices, showcased technologies built for OT, and connected struggling industries with the rare specialists who can guide them.
With the shortage of IT security experts already dire, OT security professionals are an endangered species. We need events that recognize, support, and grow this niche expertise.
From compliance to continuity: Rethinking OT security for real resilience
The truth is, many current OT cybersecurity projects are driven by fear and compliance pressure, not by understanding. Budgets are spent. Tools are deployed. But the risks remain, because we’re solving the wrong problems with the wrong tools.
What’s needed is a mindset shift: from IT-driven control to OT-aligned protection. Let’s stop pushing patching where it breaks things. Let’s start building long-term, flexible defenses that preserve uptime, reduce complexity, and allow OT professionals to focus on their core business.
Because in the end, real security in OT isn’t just about stopping attacks. It’s about keeping the lights on: safely, reliably, and without losing our minds in the process.
Whether you are a CEO, IT security specialist, or OT engineer: now is the time to break down silos and take action. Join us at Cybersec Netherlands to connect with peers, share expertise, and shape the future of OT security together. Don’t wait for the next incident. Be part of the solution today!