
Morgoth - Charcoal
Your biggest OT vulnerability isn’t malware, it’s dependency.
Every manufacturer worries about ransomware, but the harsh reality is this:
Most catastrophic OT failures start inside the plant, not on the internet.
Not from APTs, not from nation‑states, but from everyday operational fragility:
- A single engineer holding the only copy of a critical configuration
- An undocumented system no one else knows how to navigate
- A technician applying a quick fix that unexpectedly stops a line
- A disgruntled employee with admin access
- An accidental firewall change that isolates a PLC
- A vendor laptop directly connected to the wrong switch
These risks aren’t hypothetical, they are present right now in most plants.
Let’s break down the real OT risks that manufacturers rarely see coming.
Dependency on Two Engineers Is a Single Point of Operational Failure
Manufacturing floors are powered by a tiny number of experts who:
- Understand how machines are configured
- Carry tribal knowledge no one else has
- Can fix systems under pressure
- Know which undocumented workarounds keep production running
It works, until it doesn’t. If one leaves, gets sick, or simply refuses to cooperate, the entire operation becomes exposed. The dependency itself is the vulnerability.
Insider Threats in OT Are Mostly Accidental, But the Impact Is Catastrophic
Most OT incidents are not malicious, they are:
- Wrong cable plugged in
- Incorrect firmware pushed
- Vendor laptop with insecure settings
- Someone testing something quickly on the live line
- Old credentials never revoked
The result?
- Production stops
- Quality tanks
- Controls fail
- Engineering teams panic
- Management scrambles
These incidents look like cyberattacks from the outside, but inside the plant they are simply the cost of operating without structure.
And then there’s the darker possibility: when relationships deteriorate, access plus frustration becomes a genuine sabotage vector.
Tribal Knowledge Is Not a Strategy, It’s a Hidden Liability
Factories often rely on:
- Unwritten procedures
- Verbal instructions
- Unofficial tweaks
- Undocumented network changes
- Configurations only one person understands
This works fine, until someone leaves, or until NIS2 auditors arrive.
Lack of documentation is not just an efficiency issue, it creates:
- Recovery delays
- Misconfigurations
- Safety risks
- Zero traceability
- Zero reproducibility
- Zero resilience
A plant without documentation is a plant running on luck.
OT Access Is Often Overprivileged, Unmonitored, and Unreviewed
In many plants, if you have access to one system, you have access to all systems.
Common patterns include:
- Shared admin accounts
- Old credentials that still work
- Contractors with permanent access
- Passwords written on whiteboards
- Engineering laptops that can reach every PLC
- No centralized permission reviews
- No monitoring of configuration changes
From an attacker’s perspective, this is a dream.
But even without attackers, it means any mistake or malicious act can spread unchecked.
What Manufacturers Think Is Cyber Risk and What Actually Breaks Them
Executives worry about sophisticated attackers, but the most common plant‑stopping events come from:
- A misconfigured switch
- A forgotten firewall rule
- A Windows 7 HMI crashing
- A vendor engineer making an unapproved change
- An employee leaving angrily with knowledge no one else has
- A PLC overwritten with the wrong version
- A change that was made, but never logged
These risks are invisible until they cause shutdowns, and once they do, they expose how fragile the plant truly is.
Continuity Isn’t About Backups, It’s About People, Process, and Control
The solution is not another tool. It’s structural:
Documentation as a Continuity System
Not a box‑checking exercise, but living, up‑to‑date operational knowledge:
- System configurations
- Network maps
- Access lists
- Vendor dependencies
- Recovery procedures
- Change history
This takes pressure off your key engineers, not away from them.
Access Control as a Safety Mechanism
Right‑size access based on:
- Role
- Responsibility
- Operational need
- Clear separation between IT/OT changes
This prevents mistakes and insider abuse.
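A periodic access review is the concrete form this takes. The script below is an added illustration, not code from the article: it walks an exported OT account list and flags the patterns described earlier in the post (shared accounts, expired or open-ended contractor access, stale credentials, and accounts whose reach exceeds their role). The role-to-system entitlements, the 90-day inactivity window and the sample accounts are all constructed; a real review would feed it an export from the directory and the engineering tooling.

```python
"""Periodic OT access review: flag shared, expired, stale and overbroad accounts.

Added illustration, not from the original article. The role entitlements,
inactivity threshold and account records below are constructed sample data.
"""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import List, Optional, Set, Tuple

# Role -> systems that role legitimately needs to reach (constructed, hypothetical).
ROLE_ENTITLEMENTS = {
    "controls_engineer": {"PLC-LINE1", "PLC-LINE2", "HMI-LINE1", "ENG-WS"},
    "operator": {"HMI-LINE1"},
    "vendor": {"PLC-LINE1"},
    "it_admin": {"ENG-WS"},
}

STALE_AFTER = timedelta(days=90)  # no login within this window = stale credential


@dataclass
class Account:
    name: str
    role: str
    kind: str                       # "employee", "contractor", or "shared"
    systems: Set[str]               # systems the account can actually reach
    last_login: Optional[date]      # None = never seen logging in
    expires: Optional[date] = None  # contractor access must carry an expiry


def review_access(accounts: List[Account], today: date) -> List[Tuple[str, str]]:
    """Return (account name, finding) pairs; an empty list means a clean review."""
    findings = []
    for a in accounts:
        if a.kind == "shared":
            findings.append((a.name, "shared account: no individual accountability"))
        if a.kind == "contractor":
            if a.expires is None:
                findings.append((a.name, "contractor access without an expiry date"))
            elif a.expires < today:
                findings.append((a.name, f"contractor access expired {a.expires}"))
        if a.last_login is None or today - a.last_login > STALE_AFTER:
            findings.append((a.name, "stale credential: no login within review window"))
        # Reach beyond the role's entitlement is the 'one login reaches every PLC' pattern.
        excess = a.systems - ROLE_ENTITLEMENTS.get(a.role, set())
        if excess:
            findings.append((a.name, f"reach exceeds role '{a.role}': {sorted(excess)}"))
    return findings


# Constructed sample access list standing in for a directory / PLC-tooling export.
TODAY = date(2025, 1, 15)
SAMPLE_ACCOUNTS = [
    Account("j.doe", "controls_engineer", "employee",
            {"PLC-LINE1", "PLC-LINE2", "HMI-LINE1", "ENG-WS"}, date(2025, 1, 14)),
    Account("line1-op", "operator", "shared", {"HMI-LINE1"}, date(2025, 1, 15)),
    Account("vendor-acme", "vendor", "contractor", {"PLC-LINE1", "PLC-LINE2"},
            date(2024, 6, 2), expires=date(2024, 7, 1)),
    Account("r.smith", "controls_engineer", "employee", {"PLC-LINE1"}, date(2024, 8, 1)),
    Account("integrator-tmp", "vendor", "contractor", {"PLC-LINE1"}, None),
]

if __name__ == "__main__":
    for name, finding in review_access(SAMPLE_ACCOUNTS, TODAY):
        print(f"{name:15} {finding}")
```

Run as-is it prints seven findings: the shared operator login, the vendor account that expired months ago yet still reaches a second line, two engineers and a contractor who have not logged in within the window, and a contractor account with no end date. Each line is a decision for a named owner, which is what turns a one-off clean-up into a review cadence.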
Monitoring as Proof, Protection, and Accountability
OT monitoring is not just for security teams. It helps:
- Detect unauthorized configuration changes
- Track who changed what
- Provide evidence for compliance
- Support troubleshooting
- Reduce finger‑pointing during outages
When monitoring is in place, plants recover faster, and people behave better.
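The three monitoring outcomes above (detect unauthorized configuration changes, track who changed what, reduce finger-pointing) come down to one loop: fingerprint each asset's configuration export, compare against yesterday's baseline, and match every difference to an approved change record. The example below is added here and is not the article's own code. The asset names, configuration snippets and change-record format are constructed; in a real plant the exports would come from the PLC engineering tool and switch backups, and the records from the site's change-management system.

```python
"""Configuration-change monitoring for OT assets: detect drift and match it to change records.

Added illustration, not the article's own code. Asset names, config exports and the
change-record format are constructed sample data.
"""
import hashlib
from dataclasses import dataclass
from typing import Dict, List, Optional


def fingerprint(config_text: str) -> str:
    """SHA-256 of a configuration export: a stable fingerprint for comparison."""
    return hashlib.sha256(config_text.encode("utf-8")).hexdigest()


@dataclass
class ChangeRecord:
    asset: str
    who: str
    ticket: str
    approved_hash: str  # fingerprint the configuration should have after the change


@dataclass
class DriftEvent:
    asset: str
    status: str                 # "approved", "unlogged", or "missing"
    who: Optional[str] = None
    ticket: Optional[str] = None


def detect_drift(baseline: Dict[str, str], current: Dict[str, str],
                 records: List[ChangeRecord]) -> List[DriftEvent]:
    """Classify every asset whose current fingerprint differs from the baseline.

    approved  - the new fingerprint matches an approved change record (we know who and why)
    unlogged  - the configuration changed but no record explains it (the case to alarm on)
    missing   - a baselined asset produced no current snapshot (offline, removed, or renamed)
    """
    events = []
    by_asset_hash = {(r.asset, r.approved_hash): r for r in records}
    for asset, old_hash in baseline.items():
        new_hash = current.get(asset)
        if new_hash is None:
            events.append(DriftEvent(asset, "missing"))
        elif new_hash != old_hash:
            rec = by_asset_hash.get((asset, new_hash))
            if rec:
                events.append(DriftEvent(asset, "approved", rec.who, rec.ticket))
            else:
                events.append(DriftEvent(asset, "unlogged"))
    return events


# Constructed sample data: yesterday's exports, today's exports, and the change log.
BASELINE_EXPORTS = {
    "PLC-LINE1": "TIMER T1 PRESET 500\nCONVEYOR SPEED 1200\n",
    "PLC-LINE2": "TIMER T1 PRESET 650\nCONVEYOR SPEED 1100\n",
    "SW-CELL3":  "vlan 20\n interface Gi1/0/5\n  switchport access vlan 20\n",
}
CURRENT_EXPORTS = {
    "PLC-LINE1": "TIMER T1 PRESET 500\nCONVEYOR SPEED 1200\n",                 # unchanged
    "PLC-LINE2": "TIMER T1 PRESET 700\nCONVEYOR SPEED 1100\n",                 # approved tweak
    "SW-CELL3":  "vlan 20\n interface Gi1/0/5\n  switchport access vlan 99\n",  # nobody logged this
}
CHANGE_LOG = [
    ChangeRecord("PLC-LINE2", "j.doe", "CHG-0412", fingerprint(CURRENT_EXPORTS["PLC-LINE2"])),
]


def run_review() -> List[DriftEvent]:
    """Fingerprint both snapshot sets and return the classified drift events."""
    baseline = {k: fingerprint(v) for k, v in BASELINE_EXPORTS.items()}
    current = {k: fingerprint(v) for k, v in CURRENT_EXPORTS.items()}
    return detect_drift(baseline, current, CHANGE_LOG)


if __name__ == "__main__":
    for ev in run_review():
        print(f"{ev.asset:10} {ev.status:9} {ev.who or '-':8} {ev.ticket or '-'}")
```

Run as-is, the PLC retune is attributed to a named engineer and ticket, while the VLAN change on the cell switch (the kind of "accidental firewall change that isolates a PLC" from the opening list) surfaces as unlogged. Storing fingerprints rather than full exports keeps the baseline small, and because the approved hash is recorded in the ticket before the change is pushed, a change that drifts from what was approved also shows up as unlogged rather than being silently accepted.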
The Executive Problem: You Can’t Outsource Risk You Don’t Understand
Boards often believe OT risk = cybersecurity tools.
But the deepest risks are organizational:
- Knowledge trapped in a few heads
- Unmonitored administrative power
- No change control
- Zero transparency
- No cross‑training
- No process for safe interventions
This is why regulatory frameworks emphasize:
- Governance
- Documentation
- Access control
- Logging
- Evidence of intervention
- Supply‑chain and internal accountability
They’re designed to address the exact gaps manufacturers overlook.
The Real Question Executives Should Ask
Instead of:
“Are we protected from hackers?”
Ask:
“If my top two engineers quit tomorrow, can we still run the plant?”
“Would we even know what systems they touched?”
“How quickly could we recover from a configuration mistake?”
“Who can currently shut down our production with one bad change?”
These questions reveal real, existential vulnerabilities, the ones that actually stop factories.
Conclusion: Your People Are Essential, but Your Dependency on Them Is the Risk
The modern OT threat landscape is not just digital, it’s human.
The most dangerous vulnerability in your plant is over‑reliance on a few experts combined with undocumented processes and broad, unmonitored access.
The fix is not fear, it’s structure:
- Document what matters
- Limit who can change critical systems
- Monitor configuration and access
- Build continuity around people, not in spite of them
This is not cybersecurity for compliance’s sake, this is business continuity, operational resilience, and risk reduction for the real world.