How agencies can secure OT without shutting it down

Regaining cyber control in sensitive environments requires a different approach, the president of Forescout Government Systems argues.

Operational technology (OT) is a prime cyber target in federal environments because it underpins essential services and mission-critical operations. According to Forescout Research – Vedere Labs, attacks using OT protocols surged by 84% in 2025 across global government and critical infrastructure environments, including power, water, transportation, manufacturing, and logistics systems.

At the same time, OT remains one of the hardest environments to secure. Patch windows are limited, downtime is risky, modernization is slow, and taking systems offline can trigger real-world consequences. These constraints make OT both operationally indispensable and highly attractive to adversaries seeking persistent access rather than immediate disruption.

As a result, federal agencies have often felt forced to choose between preserving uptime and accepting cyber risk, or enforcing security controls that jeopardize operations. But in today’s threat environment, that framing has become untenable. Federal agencies and the civilian organizations that work with them need a different mindset: resilient cyber control without disruption.

A boundary adversaries will not respect

To address competing operational and security imperatives, the Department of Defense has expanded its zero-trust strategy beyond enterprise IT into OT environments, up to a defined line of demarcation. This guidance builds on existing cybersecurity architecture and policy frameworks and provides meaningful direction to secure OT systems that fall under established enterprise authority.  

But adversaries don’t operate according to organizational boundaries. 

Threat actors will look for the exact point where formal enforcement ends and use it as a transition zone. From there, they move laterally through trusted connections, legacy protocols, and shared infrastructure, often without triggering alarms. If zero trust is treated as complete at the edge of formal guidance, organizations risk leaving attackers a predictable path into mission systems and critical operations. 

That exposure is amplified by the prevalence of legacy industrial protocols that were not designed for modern threat environments. Even where secure alternatives exist, adoption remains limited due to long equipment lifecycles, fragmented vendor ecosystems, and the operational risk introduced by updates. In safety-critical environments, digital controls also cannot replace foundational physical access safeguards such as card readers, biometric gates, visitor logging, and CCTV.

OT security requires a different model

OT is not simply IT with different hardware. Federal agencies and the organizations that work with them operate under the unproductive assumption that they must either protect OT at the cost of operational disruption or preserve uptime while accepting cyber risk. 

That assumption, however, no longer holds. 

Modern adversaries don’t need to take systems offline to succeed. Persistent access, lateral movement, and quiet manipulation across poorly understood connections can undermine mission assurance without obvious signs of failure.

What agencies need instead is resilient cyber control achieved through visibility, prioritization, and protections designed to function within operational constraints rather than against them. 

Visibility is the foundation

The most basic question in OT security is often the hardest to answer: Do we know what is connected today?

Many organizations still rely on incomplete inventories and outdated diagrams that cannot keep pace with operational change. Devices are added during maintenance cycles. Contractors connect tools temporarily. Shadow connections emerge as IT, OT, and IoT converge.

These blind spots create false confidence. Without reliable visibility, organizations cannot enforce segmentation, govern third-party access, or contain incidents without resorting to broad controls that risk disruption. Continuous asset awareness enables a more precise approach, allowing teams to apply protections where they matter most while preserving operational stability.
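To make the "do we know what is connected today?" question concrete, here is an added example (not Forescout's code, and not from the article) that reconciles a documented OT inventory against devices observed by passive monitoring. It keys on MAC address, since IP addresses drift far more often, and reports undocumented devices, readdressed devices, stale records, and devices speaking unauthenticated legacy protocols. Every asset, observation and the LEGACY_PROTOCOLS set are constructed values for the illustration.

```python
"""Reconcile a documented OT asset inventory against devices actually observed
on the network. Added illustration for this article, not Forescout's own code;
every asset and observation below is constructed sample data."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List

# Assumption for this example: protocols that carry no authentication or
# integrity protection by design, so their presence is worth flagging.
LEGACY_PROTOCOLS = {"modbus", "dnp3", "s7comm", "telnet"}


@dataclass(frozen=True)
class Asset:
    """One row of the documented inventory (the diagram everyone trusts)."""
    ip: str
    mac: str
    zone: str     # e.g. "level1-control", "level2-supervisory"
    owner: str


@dataclass(frozen=True)
class Observation:
    """One device as seen by passive monitoring of a tap or span port."""
    ip: str
    mac: str
    protocols: FrozenSet[str]


# Constructed: what the drawings say is there.
DOCUMENTED = [
    Asset("10.1.1.10", "00:11:22:33:44:01", "level1-control", "plant-ops"),
    Asset("10.1.1.11", "00:11:22:33:44:02", "level1-control", "plant-ops"),
    Asset("10.1.2.20", "00:11:22:33:44:10", "level2-supervisory", "plant-ops"),
    Asset("10.1.2.21", "00:11:22:33:44:11", "level2-supervisory", "plant-ops"),
]

# Constructed: what the wire actually shows during the monitoring window.
OBSERVED = [
    Observation("10.1.1.10", "00:11:22:33:44:01", frozenset({"modbus"})),
    Observation("10.1.1.11", "00:11:22:33:44:02", frozenset({"s7comm"})),
    Observation("10.1.2.22", "00:11:22:33:44:10", frozenset({"https", "opcua"})),  # readdressed
    Observation("10.1.1.50", "aa:bb:cc:dd:ee:01", frozenset({"telnet", "modbus"})),  # undocumented
    Observation("10.1.2.20", "aa:bb:cc:dd:ee:02", frozenset({"https"})),  # IP reused by a new MAC
]


def reconcile(documented: List[Asset], observed: List[Observation]) -> Dict[str, list]:
    """Compare the two views keyed on MAC address.

    Returns four findings lists:
      unknown    - observed devices with no inventory entry (shadow connections)
      changed_ip - documented devices now answering on a different address
      legacy     - devices speaking unauthenticated protocols (with which ones)
      missing    - documented devices never seen in the window (stale records)
    """
    doc_by_mac = {a.mac: a for a in documented}
    seen_macs = set()
    report: Dict[str, list] = {"unknown": [], "changed_ip": [], "legacy": [], "missing": []}
    for obs in observed:
        seen_macs.add(obs.mac)
        asset = doc_by_mac.get(obs.mac)
        if asset is None:
            report["unknown"].append(f"{obs.ip}/{obs.mac}")
        elif asset.ip != obs.ip:
            report["changed_ip"].append((asset.ip, obs.ip))
        legacy = sorted(obs.protocols & LEGACY_PROTOCOLS)
        if legacy:
            report["legacy"].append((obs.ip, legacy))
    for asset in documented:
        if asset.mac not in seen_macs:
            report["missing"].append(asset.ip)
    return report


if __name__ == "__main__":
    for category, items in reconcile(DOCUMENTED, OBSERVED).items():
        print(f"{category:>10}: {items}")
```

Run on the sample data, the report surfaces two undocumented devices (one of them on a reused address), one readdressed HMI, one inventory row that never appeared on the wire, and three devices on legacy protocols. That is the difference between a diagram and continuous asset awareness: the output is a worklist for segmentation and access decisions rather than a snapshot that is already wrong.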

Remote access remains one of the fastest paths to risk

Contractor and maintenance workflows often depend on remote access pathways that are loosely documented and rarely reevaluated. Traditional VPN models can extend excessive trust once a session is established, particularly when access decisions rely on network location rather than real-time posture and policy enforcement.

In OT environments, where lateral movement can have physical consequences, these access paths represent a significant and frequently underestimated source of exposure. Strengthening remote access controls is often one of the fastest ways to reduce risk without touching safety-critical systems.
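The contrast between location-based and posture-based access decisions is easier to see in code. The following is an added example, not Forescout's product logic and not from the article: a policy check for a contractor maintenance session that evaluates the user's role, MFA state, endpoint health, the target zone, the maintenance window and an approved ticket, and returns every reason for denial. The users, roles, zone names, window and session requests are all constructed values.

```python
"""Decide whether a remote-maintenance session may reach an OT zone, using
session posture rather than network location. Added illustration for this
article, not Forescout's product logic; users, roles, windows and requests
are all constructed values."""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class SessionRequest:
    user: str
    src_ip: str
    mfa_verified: bool
    device_managed: bool      # endpoint is enrolled and reports health
    device_patched: bool
    target_zone: str          # e.g. "level2-supervisory", "level1-control"
    target_host: str
    hour_utc: int
    ticket_id: Optional[str]  # approved maintenance/change ticket


# Constructed policy data for the example.
USER_ROLES = {"vendor.alice": "vendor-maint", "eng.bob": "plant-eng"}
ROLE_ZONES = {
    "vendor-maint": {"level2-supervisory"},
    "plant-eng": {"level2-supervisory", "level1-control"},
}
CONTROL_WINDOW = range(1, 5)   # 01:00-04:59 UTC, when the process tolerates maintenance


def location_policy(req: SessionRequest) -> bool:
    """The model the article warns about: anything on the VPN subnet is trusted."""
    return req.src_ip.startswith("10.200.")


def posture_policy(req: SessionRequest) -> Tuple[bool, List[str]]:
    """Allow only when every condition holds; otherwise return every reason
    for denial so the session can be fixed rather than retried blindly."""
    reasons = []
    role = USER_ROLES.get(req.user)
    if role is None:
        reasons.append("unknown user")
    elif req.target_zone not in ROLE_ZONES[role]:
        reasons.append(f"role {role} may not reach {req.target_zone}")
    if not req.mfa_verified:
        reasons.append("mfa not verified")
    if not (req.device_managed and req.device_patched):
        reasons.append("device posture failed")
    if req.target_zone == "level1-control" and req.hour_utc not in CONTROL_WINDOW:
        reasons.append("level1-control outside maintenance window")
    if not req.ticket_id:
        reasons.append("no approved ticket")
    return (not reasons, reasons)


# Constructed: a contractor on the VPN with an unmanaged laptop and no MFA,
# and an engineer whose session satisfies every check.
CONTRACTOR = SessionRequest("vendor.alice", "10.200.4.17", mfa_verified=False,
                            device_managed=False, device_patched=True,
                            target_zone="level1-control", target_host="plc-07",
                            hour_utc=14, ticket_id=None)
ENGINEER = SessionRequest("eng.bob", "10.200.4.18", mfa_verified=True,
                          device_managed=True, device_patched=True,
                          target_zone="level1-control", target_host="plc-07",
                          hour_utc=2, ticket_id="CHG-1042")

if __name__ == "__main__":
    for req in (CONTRACTOR, ENGINEER):
        print(req.user, "| location policy:", location_policy(req),
              "| posture policy:", posture_policy(req))
```

The location-based check admits both sessions, because both arrive from the VPN subnet. The posture check denies the contractor for five independent reasons and admits the engineer. None of this touches the controller itself; the decision happens at the access path, which is why tightening it is one of the lower-risk places to start.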

Prioritizing risk instead of chasing perfection

Zero trust in OT is not a one-time deployment. It is an operating model for continuous risk reduction that respects safety and availability while improving mission assurance. In practice, not all zero-trust outcomes are equally difficult or equally disruptive.

Early progress comes from efforts that do not interfere with operations, such as improving asset inventory, documenting trust boundaries, tightening remote access paths, and enhancing logging. More advanced efforts, including fine-grained segmentation and least-privilege enforcement, can be introduced within operational layers without touching safety-critical process controls.

Traditional vulnerability management approaches struggle in OT because they treat findings as roughly equivalent, even when exploitability and operational impact vary widely. A more effective approach prioritizes exposure and mission impact. Where patching is impractical or unsafe, compensating controls such as segmentation, access restriction, and monitoring can materially reduce risk without shutting systems down.
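As an added example of prioritizing exposure and mission impact (not Forescout's scoring method, and not from the article), the script below ranks a set of OT findings by a score that combines exploitability, whether the asset is reachable from outside its zone, and its mission impact, then recommends a patch where one is safe and a compensating control where it is not. The weights, thresholds and findings are constructed for the illustration.

```python
"""Rank OT findings by exposure and mission impact instead of treating every
finding as equivalent, and recommend patching or a compensating control.
Added illustration for this article, not Forescout's own scoring; the weights,
thresholds and findings are constructed."""
from dataclasses import dataclass
from typing import List


@dataclass
class Finding:
    asset: str
    issue: str
    exploitability: float   # 0..1, e.g. public exploit and no authentication needed -> high
    exposed: bool           # reachable from outside its zone (IT side or a remote-access path)
    mission_impact: int     # 1 = monitoring only .. 5 = safety or process control
    patch_safe: bool        # vendor-validated patch can be applied in a maintenance window


def risk_score(f: Finding) -> float:
    """Exposure scales the score: an unreachable weakness is much less urgent."""
    exposure = 1.0 if f.exposed else 0.3
    return round(f.exploitability * exposure * f.mission_impact, 2)


def recommend(f: Finding) -> str:
    """Patch when it is safe; otherwise fall back to compensating controls."""
    score = risk_score(f)
    if score < 1.0:
        return "monitor"
    if f.patch_safe:
        return "patch in next maintenance window"
    if f.exposed:
        return "segment and restrict access; add protocol monitoring"
    return "monitor with compensating detection"


def prioritize(findings: List[Finding]) -> List[Finding]:
    return sorted(findings, key=risk_score, reverse=True)


# Constructed findings: same four assets ranked two ways below.
FINDINGS = [
    Finding("plc-07", "public exploit for exposed service", 0.9, True, 5, False),
    Finding("hmi-02", "outdated remote-desktop service", 0.6, True, 4, True),
    Finding("historian-01", "default web console credentials", 0.9, False, 2, True),
    Finding("plc-03", "unauthenticated write protocol", 0.5, False, 5, False),
]

if __name__ == "__main__":
    severity_only = sorted(FINDINGS, key=lambda f: f.exploitability, reverse=True)
    print("severity-only order:", [f.asset for f in severity_only])
    for f in prioritize(FINDINGS):
        print(f"{f.asset:<13} score={risk_score(f):<5} -> {recommend(f)}")
```

Sorting by exploitability alone puts the historian level with the exposed PLC at the top; weighting by exposure and mission impact moves the historian to the bottom of the list and drops the isolated PLC below the exposed HMI. The two controllers that cannot be patched get segmentation or detection rather than a patch ticket nobody can execute.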

Bridging the organizational rift

Reducing OT risk ultimately requires organizational alignment. OT teams and cybersecurity teams may share the same mission, but they can operate under different constraints and success metrics. Without shared visibility and a common risk picture, each group can act responsibly while gaps persist elsewhere.

Organizations that make progress formalize collaboration by establishing shared situational awareness, aligning definitions of criticality, and creating processes that evaluate risk without defaulting to disruption. In this model, cyber control in OT is not a compliance milestone or a point solution. It is an enterprise operating model.

This is how true security is achieved without disruption. The path forward lies in continuous visibility, risk-based prioritization, and protections designed to work within operational constraints rather than against them. Agencies that adopt this approach will be better positioned to reduce exposure, contain threats, and defend critical systems — all without compromising the missions those systems exist to support.

Mike Walsh is the president of Forescout Government Systems.