Infrastructure Under Fire Securing OT In a Weaponized World

When Infrastructure Becomes the Frontline

In a recent 60 Minutes interview, retired U.S. General Timothy D. Haugh issued a chilling warning that China is actively infiltrating America’s critical infrastructure, targeting operational technology (OT) systems that control power grids, transportation, and industrial processes. These aren’t random cyberattacks, they’re strategic moves designed to disrupt society and cripple response capabilities in the event of conflict.

While the interview focused on the United States, the implications are global. For European businesses operating industrial systems, this is a wake-up call. OT environments are no longer just technical assets, they’re geopolitical targets. Prepositioning turns these systems into latent battlegrounds. The goal isn’t theft, it is destabilization.

What Is OT Security, and Why Should You Care?

Operational Technology refers to the systems that monitors and controls physical devices and processes, think factory automation, energy distribution, water treatment, and transport systems. Unlike traditional IT systems, OT environments traditionally prioritize safety, uptime, and physical reliability over cybersecurity.

But that’s changing fast.

• Legacy systems often lack basic protections like encryption or patching.
• Remote access and cloud integration have expanded attack surfaces.
• Nation-state actors now see OT as a soft underbelly, a way to cause chaos without firing a shot.

The Business Impact of OT Attacks

Cyberattacks on OT systems don’t just steal data, they stop machines, endanger lives, and erode trust. The business impact is multifaceted: downtime leads to production halts and supply chain delays; compromised safety can result in physical harm to workers and surrounding communities; financial losses stem from equipment damage, regulatory fines, and interrupted operations; reputational damage erodes customer trust and investor confidence; and compliance failures expose companies to legal consequences under EU mandates such as NIS2, CRA, and new Machinery directive.

Don’t Wait for a Crisis is the key lessons from the U.S.

General Haugh’s warning is clear, nation-state actors are already inside the wire. They’re probing systems, planting malware, and preparing for disruption. The U.S. example shows what happens when OT security is treated as an afterthought. Prepositioning reframes the conversation about it, it’s not about “if” your systems are targeted, but whether they’re already compromised.

For European businesses, the message is simple

• Map your OT assets — know what’s connected and what’s vulnerable.
• Segment networks — isolate OT from IT wherever possible.
• Monitor continuously — detect anomalies before they become disasters.
• Focus on Vulnerability Management — patch what you reasonably can.
• Train your teams — cybersecurity is everyone’s job now.
• Prepare for the Worst — implement and test a robust backup and recovery plan.
• Align with EU mandates — not just for compliance, but for resilience.

Infrastructure Is the New Frontline

In this geopolitical landscape, your factory floor could be the first target. OT security is no longer optional, it’s a business-critical, society-defining responsibility. Whether you’re running a power plant or a logistics hub, the threats are real, and the time to act is now.