
What is Next for Operational Technology Security?

Top 5 OT Cybersecurity Predictions and Trends for 2025

Making predictions is often more art than science. But as I look into my operational technology (OT) security crystal ball, I’m seeing a few trends that OT leaders should keep a watchful eye on in 2025. Many of these predictions continue themes that we saw over the past year, particularly in terms of risk. For OT, there’s no end in sight to new threats as cybercriminals continue to pivot toward unsecured and high-value targets.

1. Rise in OT Risks

In 2025, geopolitical events will continue to drive targeted attacks on cyber-physical systems and critical infrastructure. Last year, we saw attacks on satellite networks and manufacturing companies in the U.S. and Europe. Some attacks were linked to events in the Middle East where attackers went after programmable logic controllers (PLCs) that happened to be produced in Israel and took down some small water districts.

Even though the events didn’t have major impacts by themselves, they gave attackers more confidence because they represented small, easy-to-execute, yet disruptive attacks. These types of attacks also serve to intimidate other potential targets, who worry that their water system might not be safe either. I expect these psychological operations tactics will continue to increase, acting as a chilling reminder that attackers could take larger, more severe actions against infrastructure in the future.

Unfortunately, the manufacturing sector is full of high-value targets, and so far, it is largely unregulated in terms of mandates for particular sets of cybersecurity controls. The sector is a major target for ransomware because attackers go after targets that are likely to pay. And historically, manufacturing companies have been quick to pay ransoms so they can get their operations back online.

On the positive side, for now, OT security solutions are still staying ahead of the AI-based attacks increasingly being used by cybercriminals. And the increased recognition of the risks to OT systems has led to budget increases, more focus from industry groups, and more regulations and assistance from governments. Some sectors may see more enforcement of baseline protection and practices going forward. Unfortunately, those sectors that are seeing more cyberattacks are also likely to see their cybersecurity insurance premiums increase and their coverage shrink.

2. Changes in Patching Approaches

The second trend I’m seeing relates to the patching of OT systems. In addition to PLCs, patching needs to include the networking solutions located in the OT environment, physical security systems, such as cameras and vision systems, and the various other sensors and controllers used in production.

Most OT organizations have outdated legacy devices for which no updates or patches exist, yet the business must maintain production 24x7. In many cases, it simply isn’t feasible to take a system offline for weeks or months to update or maintain it. Some industries are now also facing regulations that require them to patch certain issues or implement a specific patching strategy. Patching older systems can also lead to compatibility and interoperability issues that can be difficult or impossible to troubleshoot and fix.

In 2025, I predict some OT organizations will take a more holistic approach to patching. Instead of attempting to patch a device that is never going to have updated firmware or trying to find the budget to rip and replace the equipment, organizations will take a holistic attack surface management approach. This strategy involves segmentation and microsegmentation, OT application inspection, and virtual patching. With this approach, ideally, no action is needed when a new OT device vulnerability is discovered.

3. Increase in OT Cloud Adoption

In 2025, we’ll see more cloud-enabled devices within the OT-secured perimeter and more IT cloud and OT dependencies as more companies move from isolated OT systems to integrated environments. As we’ve seen over the last several years, business process optimizations are continuing to drive OT convergence with industrial IT, cloud, and wireless systems.

According to the 2024 SANS ICS/OT Cybersecurity Survey, 26% of organizations now leverage cloud tech for industrial control systems and OT applications, representing a 15% increase in only one year. Many organizations need simple, scalable, cost-effective, secure remote access for third-party maintenance or secure access to performance monitoring or SaaS cloud-based solutions to enable collaboration across distributed teams.

Across most industries, secure access to cloud-hosted industrial applications is vital. So, extending security beyond the traditional OT perimeter is essential for resilience in modern OT environments. They must be brought together with an OT-converged cybersecurity platform to secure people, processes, and technology.

The first step is to secure the OT perimeter with segmentation and create zones and conduits using a next-generation firewall that understands industrial protocols. Supporting remote connectivity can then be added using SD-WAN and SASE and by implementing role-based access control with multi-factor authentication to ensure only authorized users can access certain systems.
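The zones-and-conduits model described above, together with the application inspection mentioned under patching, can be sketched as a default-deny policy check. This is an added example, not code from the original article or any vendor product; the subnets, zone names, role name, and the choice of Modbus function codes as the inspected protocol are assumptions made for illustration.

```python
import ipaddress

# Constructed zone map (assumption): illustrative subnets, not from the article.
ZONES = {
    "enterprise": ipaddress.ip_network("10.10.0.0/16"),
    "ot_dmz": ipaddress.ip_network("10.20.0.0/24"),
    "control": ipaddress.ip_network("10.30.0.0/24"),
}
MODBUS_READ = {1, 2, 3, 4}  # Modbus read function codes; writes (5, 6, 15, 16) excluded

# Conduits: (src zone, dst zone) -> {protocol: allowed function codes, or None for any}.
# Any zone pair or protocol not listed is denied.
CONDUITS = {
    ("enterprise", "ot_dmz"): {"https": None},
    ("ot_dmz", "control"): {"modbus": MODBUS_READ},
}
# Remote-access roles permitted per destination zone (hypothetical role name).
REMOTE_ROLES = {"control": {"vendor_maintenance"}}

def zone_of(ip):
    addr = ipaddress.ip_address(ip)
    return next((z for z, net in ZONES.items() if addr in net), None)

def check_flow(src, dst, proto, function_code=None):
    """Decide one flow: default deny across zones, function-level check inside a conduit."""
    sz, dz = zone_of(src), zone_of(dst)
    if sz is None or dz is None:
        return "deny: address outside any zone"
    if sz == dz:
        return "allow: intra-zone"  # microsegmentation would tighten this further
    rules = CONDUITS.get((sz, dz), {})
    if proto not in rules:
        return f"deny: no conduit {sz}->{dz} for {proto}"
    allowed = rules[proto]
    if allowed is not None and function_code not in allowed:
        return f"deny: {proto} function {function_code} not permitted"
    return f"allow: conduit {sz}->{dz}"

def check_remote(role, mfa_passed, dst):
    """Remote access requires both a passed MFA challenge and an authorized role."""
    dz = zone_of(dst)
    if not mfa_passed:
        return "deny: MFA required"
    if role not in REMOTE_ROLES.get(dz, set()):
        return f"deny: role {role} not authorized for {dz}"
    return f"allow: {role} -> {dz}"
```

Denying write function codes at the conduit means an unpatchable controller is shielded without touching its firmware, which is the effect the virtual patching approach aims for.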

4. More 5G in OT

In 2025, I expect to see the continuing adoption of 5G in OT. On the IT side, the use of cellular technologies has been around for more than a decade, but several factors continue to drive 5G adoption in OT. Reliable connectivity is critical, and there’s a need for broadband in remote areas where cable or fiber simply isn’t available.  

Certain OT functions, such as business continuity, require low-latency connectivity, and latency is a limitation of satellite connectivity. I foresee that private 5G will increasingly be used as an industrial LAN technology for factory robotics that require low latency, such as automated guided vehicles, autonomous mobile robots, and other Industrial-Internet-of-Things (IIoT) devices.

The performance of 5G can overcome the limitations of traditional broadband access in both WAN and LAN applications. I predict that private 5G will grow as a Wi-Fi backbone for widespread Wi-Fi deployments at multi-site locations to reduce the amount of cable or fiber breakouts needed. Deploying private 5G with 5G gateways as wireless switches and connecting multiple access points can offer secure connectivity for distributed sites and sites that need IIoT connections.

Securing 5G will require overcoming gaps among point products and a lack of visibility across the entire extended network. I predict that more external modem gateways will emerge over time because they can increase network reliability and network costs and can be deployed more quickly than traditional approaches.

5. Growth of AI in OT Security

You can’t talk about anything technology-related without mentioning the increase in AI use. In OT environments, AI is used for various purposes, such as:

  • Predictive maintenance
  • Process optimization
  • Autonomous operations

In 2025, I predict that AI will increasingly be used for OT security for anomaly detection, behavioral profiling, vulnerability management, and security automation and orchestration. In addition, cyber-physical security systems will also take advantage of AI for access control systems, video surveillance and intelligent video analytics, environmental monitoring and threat detection, and perimeter security such as cameras, sensors, and drones.

The growth in AI-enabled security monitoring will help reduce costs. Still, it will require new security controls to ensure that hackers aren’t able to spoof these physical security systems or inject malware into OT environments. The use of AI is going to continue to grow for both cyber defense and offense.

OT Security Today and Tomorrow

If there’s one thing we can count on, it’s that OT security will evolve and change. Every day, organizations face new threats, vulnerabilities, and risks across their IT and OT environments. It’s important for OT leaders to remain alert to new developments so they can be proactive about improving security and protecting their critical OT assets.

 
