
ProjectX eBook: 2026 Edition
April 8, 2026
Defense-in-Depth: Turning Point Solutions into an OT Cyber Strategy
April 13, 2026
CYBER THREAT ADVISORY
Increased Targeting of Industrial Control Systems Across Critical Infrastructure
Iran-Affiliated Threat Actors Targeting U.S. Infrastructure
From the Desk of: Scott Christensen, GrayMatter Cyber Practice Director
Recent intelligence from U.S. federal agencies, including the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), and the Department of Energy (DOE), highlights a growing cybersecurity concern for industrial organizations.
A joint advisory warns of increased activity from Iran-affiliated threat actors targeting critical infrastructure, with a specific focus on industrial control systems (ICS), including PLCs and SCADA environments.
While not every organization is directly targeted, the pattern is clear: operational technology (OT) environments are increasingly in scope for nation-state cyber activity.
Observed Threat Activity
Recent activity observed by federal agencies includes:
- Targeting of internet-exposed PLCs and OT devices
- Exploitation of weak authentication and default credentials
- Abuse of remote access pathways (VPNs, vendor connections, cellular links)
- Attempts to manipulate control logic, extract configurations, or disrupt operations
This is not opportunistic noise; it reflects a deliberate shift toward operational disruption.
Recommended Immediate Actions
Organizations should take the following steps to reduce risk in the near term:
- Identify and secure all internet-facing OT assets, especially PLCs and SCADA systems
- Eliminate direct internet exposure to control systems wherever possible
- Harden remote access:
  - Enforce multi-factor authentication (MFA)
  - Restrict vendor access
  - Review cellular and remote connectivity paths
- Audit credentials and remove default or shared accounts
- Increase OT network monitoring for anomalous activity and unauthorized logic changes
- Validate OT-specific incident response readiness, including coordination with operations teams
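As an added illustration (not part of the advisory or any GrayMatter tooling), the first several checks above can be run against an asset inventory export. The record fields (`type`, `ip`, `accounts`, `remote_access`) and the sample data are assumptions constructed for this example, and "internet-facing" is approximated as any address outside RFC 1918 space.

```python
import ipaddress

# RFC 1918 private ranges; anything outside them is treated as internet-facing.
# Assumption for this sketch: NAT or port forwarding can also expose private hosts.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CONTROL_TYPES = {"PLC", "SCADA"}

def audit_asset(asset):
    """Return a sorted list of checklist findings for one inventory record."""
    findings = set()
    ip = ipaddress.ip_address(asset["ip"])
    if asset["type"] in CONTROL_TYPES and not any(ip in n for n in PRIVATE_NETS):
        findings.add("internet-facing control system")
    for acct in asset.get("accounts", []):
        if acct.get("default_password"):
            findings.add(f"default credentials: {acct['user']}")
        if acct.get("shared"):
            findings.add(f"shared account: {acct['user']}")
    for path in asset.get("remote_access", []):
        if not path.get("mfa"):
            findings.add(f"remote access without MFA: {path['kind']}")
    return sorted(findings)

def audit_inventory(inventory):
    """Map asset name -> findings, omitting assets with nothing to report."""
    report = {a["name"]: audit_asset(a) for a in inventory}
    return {name: f for name, f in report.items() if f}

# Constructed sample records (not real assets; 203.0.113.0/24 is documentation space).
SAMPLE_INVENTORY = [
    {"name": "plc-filter-01", "type": "PLC", "ip": "203.0.113.10",
     "accounts": [{"user": "admin", "default_password": True}],
     "remote_access": [{"kind": "cellular", "mfa": False}]},
    {"name": "scada-srv-01", "type": "SCADA", "ip": "10.20.0.5",
     "accounts": [{"user": "operator", "shared": True}],
     "remote_access": [{"kind": "vendor", "mfa": True}]},
    {"name": "hist-01", "type": "Historian", "ip": "10.20.0.9",
     "accounts": [{"user": "svc-hist"}], "remote_access": []},
]

if __name__ == "__main__":
    for name, findings in audit_inventory(SAMPLE_INVENTORY).items():
        print(name)
        for finding in findings:
            print("  -", finding)
```
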
Strategic Considerations: The Shift from IT to OT Risk
This advisory reinforces a broader industry shift.
Threat actors are no longer focused solely on IT systems. They are increasingly targeting operational environments where cyber incidents can create real-world consequences:
- Safety risks
- Regulatory violations
- Production downtime
- Product quality impacts
In industries like pharmaceutical manufacturing, water/wastewater, and industrial production, even minor control system disruptions can cascade into significant operational and business risk.
Why This Matters to Your Industry
Pharmaceutical Manufacturing
Pharmaceutical operations depend on tightly controlled, validated environments. Cyber disruption here is a compliance and product integrity risk.
- Increased exposure in batch processing systems and MES integrations
- Potential impact to FDA/GxP compliance and validated control environments
- Risk to cleanroom environmental controls and automated production processes
- Possible production interruptions affecting supply and patient outcomes
Water & Wastewater Utilities
Water systems are foundational to public safety and increasingly targeted due to their distributed nature.
- Direct threats to treatment processes, pumping stations, and dosing systems
- Increased risk of service disruption and public safety incidents
- Vulnerabilities across remote sites and telemetry infrastructure
- Regulatory and environmental compliance exposure
Manufacturing
Modern manufacturing environments rely on interconnected systems that blur the line between IT and OT.
- Risk to both continuous and discrete production lines
- Potential downtime, equipment damage, and supply chain disruption
- Exposure through legacy protocols and flat network architectures
- Targeting of PLC-driven automation and robotic systems
How GrayMatter Can Help
Addressing OT cybersecurity requires alignment between operations, engineering, and security.
GrayMatter supports organizations with:
- Rapid OT exposure and risk assessments
- Network segmentation and architecture validation aligned to Purdue Model principles
- Threat-informed reviews tailored to your industry
- Development and refinement of OT-specific incident response plans
Start the Conversation
If you’d like to better understand your current exposure or conduct a focused review of your OT environment, we’re here to help.
Schedule a time with our team to discuss strengthening your cybersecurity posture.
