Survey of 100+ Energy Systems Reveals Critical OT Cybersecurity Gaps

A study by OMICRON has revealed widespread cybersecurity gaps in the operational technology (OT) networks of substations, power plants, and control centers worldwide. Drawing on data from more than 100 installations, the analysis highlights recurring technical, organizational, and functional issues that leave critical energy infrastructure vulnerable to cyber threats.

The findings are based on several years of deploying OMICRON’s intrusion detection system (IDS) StationGuard in protection, automation, and control (PAC) systems. The technology, which monitors network traffic passively, has provided deep visibility into real-world OT environments. The results underscore the growing attack surface in energy systems and the challenges operators face in securing aging infrastructure and complex network architectures.

Connection of an IDS in PAC systems (circles indicate mirror ports)

StationGuard deployments, often carried out during security assessments, revealed vulnerabilities such as unpatched devices, insecure external connections, weak network segmentation, and incomplete asset inventories. In many cases, these security weaknesses were identified within the first 30 minutes of connecting to the network. Beyond security risks, the assessments also uncovered operational issues like VLAN misconfigurations, time synchronization errors, and network redundancy problems.

In addition to technical shortcomings, the findings point to organizational factors that contribute to these risks — including unclear responsibilities for OT security, limited resources, and departmental silos. These findings reflect a growing trend across the energy sector: IT and OT environments are converging rapidly, yet security measures often fail to keep pace. How are utilities adapting to these complex risks, and what gaps remain that could leave critical systems exposed?

Why OT Networks Need Intrusion Detection

The ability to detect security incidents is an integral part of most security frameworks and guidelines, including the NIST Cybersecurity Framework, IEC 62443, and the ISO 27000 standard series. In substations, power plant control systems, and control centers, many devices operate without standard operating systems, making it impossible to install endpoint detection software. In such environments, detection capabilities must be implemented at the network level.

OMICRON’s StationGuard deployments typically use network mirror ports or Ethernet TAPs to passively monitor communication. Besides detecting intrusions and cyber threats, the IDS technology provides key benefits, including:

• Visualization of network communication
• Identification of unnecessary services and risky network connections
• Automatic asset inventory creation
• Detection of device vulnerabilities based on this inventory