Episode 27. Optimizing Manufacturing Workflows with Next Plus & AI
October 28, 2025

The Darknet's Growing Threat to Industrial Control Systems

By Paul J. Galeski, P.E., CAP,
GrayMatter Chairman & CEO

The Darknet refers to a part of the internet that is deliberately hidden and inaccessible through standard search engines and browsers. To access it, users must use specialized networks like Tor or I2P, which anonymize their presence and allow access to sites and services that aren't visible on the surface web. The Darknet, a segment of the "deep web," is home to both legitimate and illicit activities, with a significant portion catering to cybercriminals and illegal marketplaces.

The Darknet's Dangerous Role in Cybercrime

While the Darknet can offer privacy for legitimate uses such as secure communications for activists or journalists in oppressive regions, it is also a haven for criminal activity that, increasingly, threatens operational technology environments.

Bad actors, often anonymous, use the Darknet to exchange and sell stolen data and to offer illegal hack-for-hire services and goods. The rise of cryptocurrency, particularly Bitcoin, has enabled these transactions to remain untraceable, making the Darknet an ideal environment for cybercriminals to thrive.

A big portion of this trade involves the sale of privileged access to critical infrastructure control systems, including those used in power grids, water plants, manufacturing facilities, hospitals and others. The ability to access and exploit these systems poses a major threat to both national security and the global economy.


The Growing Threat to Critical Infrastructure

One of the most alarming developments on the Darknet is the growing market for access to Industrial Control Systems (ICS), including Supervisory Control and Data Acquisition (SCADA) systems. These systems are responsible for managing critical infrastructure such as power generation plants, chemical factories and water treatment facilities. If cybercriminals were to gain unchecked access to these systems, the consequences could be catastrophic, resulting in operational disruptions, physical damage or even loss of life.

Cybercriminals offer credentials to ICS networks on the Darknet, enabling others to infiltrate these systems. This represents a dangerous shift from traditional data breaches to targeted attacks on the core infrastructure that supports entire industries and communities.

The Challenges of Combatting Threats

The Darknet's anonymous nature makes it difficult for law enforcement and cybersecurity professionals to track and apprehend criminals. It also cloaks the true number of major cybersecurity events that happen each year because many incidents never get publicized. 

But there are exceptions.

The 2010 Stuxnet attack on Iran’s nuclear facilities is probably the most well-known example of what can happen when someone exploits ICS vulnerabilities. While Stuxnet was deployed using a USB drive, today’s cybercriminals have far more advanced tools and access to the Darknet, making ICS networks vulnerable to new and increasingly sophisticated attacks.

In 2011, I made a speech at the International Association of Automation, urging professionals in the industry to take IoT cybersecurity seriously. Unfortunately, even though it was nearly 15 years ago, I'm still amazed to see how often companies have not taken real action to secure their operational technology. 

The ratio of true remediation projects that we do at GrayMatter compared to studies, or assessments, is lopsided in the wrong direction. We see a lot of studies, and not a lot of true remediation. We can't just study cybersecurity; we need to protect our OT systems with the same intensity as the IT world.

The Vulnerabilities of Industrial Control Systems

ICS systems, especially legacy ones, are often poorly protected from cyber threats. Many are connected to the internet – sometimes unintentionally – creating opportunities for bad actors to find a way into these critical networks. Once inside, attackers can cause widespread damage, steal intellectual property or hold the system hostage for ransom.

One common method of attack is spear-phishing, in which attackers use social engineering tactics to trick employees with access to ICS networks. Once these employees are compromised, hackers can infiltrate the system and gain access to sensitive data or control systems.

Ransomware: A Persistent Threat

Ransomware has become a significant problem on the Darknet, with criminals selling ransomware tools and services to the highest bidder. These malicious programs encrypt files on a victim’s system, demanding payment for the decryption key. In the case of ICS, the damage can be far more severe than just data loss. For example, a ransomware attack on a power plant could disable critical systems, disrupt operations and cause financial losses.

ICS systems, often operating on older technology, are especially vulnerable to ransomware attacks. Without proper defenses, operators may not even realize their systems have been compromised until it’s too late, and recovering from such an attack can be complicated and costly.


Preparing for Cyber Threats: Getting "Cyber Ready"

As cyberattacks against ICS systems continue to increase, organizations must take proactive steps to secure their networks. While legacy systems may not support all modern cybersecurity measures, companies can begin by implementing a "cyber-ready" design during system upgrades or new installations. This includes strengthening authentication processes, improving backup systems and working with cybersecurity experts to ensure future-proof protection against evolving threats.

By understanding how the Darknet operates and the risks it poses, organizations can take steps to secure their ICS networks and minimize the potential for attacks. Building a robust cybersecurity strategy, educating employees and implementing modern security measures are essential to protecting industrial systems from the dangers of the Darknet.

Organizations must stay vigilant, prioritize cybersecurity and take proactive measures to ensure their systems remain secure from the growing threat of Darknet-enabled cybercrime.

Keeping your ICS under your control is the key to safeguarding your operations and infrastructure.

Download the GrayMatter Cybersecurity Guide for Operational Technology: Get a comprehensive understanding of security in the OT world, including top vulnerabilities, best practices and what’s in a cybersecurity plan.

Plus, you can fill out a printable worksheet at the end to determine the level of security in your own operations.