Date: 2025-07-30

Experts from Claroty and Axonius say agencies are facing an expanded attack surface as more operational technology systems connect to the internet.

Earlier this year, the Air Force introduced a new cybersecurity training specifically focused on how to protect systems such as gas pipelines, power grids and traffic signals. The course is the first to meet the standards for the “control systems security specialist” role under DoD’s cyber workforce framework.

Air Force cyber leaders are also working with the Air Force Institute of Technology and the Defense Acquisition University to introduce more control systems training. The service needs cybersecurity experts who can operate in this world.

The Air Force isn’t alone in recognizing the continued convergence of operational technology and information technology.

The need for people and for technology to manage and secure OT systems continues to grow. This is in part because bad actors recognize the so-called “soft targets” these OT systems can present as these technologies converge.

The Cybersecurity and Infrastructure Security Agency, in a May alert, said unsophisticated cyber actors were taking advantage of poor cyber hygiene to hack operational technology systems in the energy and transportation sectors.

As operational technologies start to act more and more like IT, CISA also is taking steps to incorporate these systems into its governmentwide Continuous Diagnostics and Mitigation program, which provides agencies with cyber monitoring dashboards and tools.

Heather Young, the regional vice president for the public sector at Claroty, said one reason for the relatively newfound focus on OT is the shift of responsibility for these systems to agencies’ chief information officers and chief information security officers.

“To be able to have true continuous monitoring, to be able to understand what the attack surface is, you have to have that coalesced viewpoint. So being able to bring in any of the OT network data into the security operations center, for example, is very important in order to achieve that continuous monitoring and attack surface management,” Young said during the discussion Innovation in Government sponsored by Carahsoft. “It’s really important to be able to feed the information from these unsophisticated systems that were never built with safety, into the proper hands.”

But now these OT systems, which include everything from water control systems to fire alarm systems, use components that connect more readily to the public internet and take advantage of advanced technologies like artificial intelligence.

Young said this expanded attack surface has led to several well-known OT attacks over the last several years, such as Volt Typhoon, Salt Typhoon and Colonial Pipeline.

“Our information is being stolen, so we’ve seen an uptick in nation state activities. People want to profit from those vulnerabilities, and they’re easy to access because a system is connected to the network,” she said.

There’s a lack of knowledge of OT systems

Brian “Stretch” Meyer, the federal chief technology officer for Axonius Federal, said while he was working for the Air Force and running a security operations center in the mid-2000s, his team had no visibility into the systems or data on the OT network. Instead, the service had a specialized team that worked on securing the operational technology.

“But we were still responsible for the network that they worked on and then helping them out as needed on their specialized, isolated SCADA network,” Meyer said. “No one from my team ever sat down with this team and were told ‘Hey, here’s what’s on this network. Here’s why we maintain it.’ A lot of times they were so specialized in some of the things on there, they didn’t even understand some of the basics of securing the specialized network.”

Meyer said one of the biggest challenges to protecting OT systems and data is a lack of knowledge to integrate OT and IT security teams.

Young added the regulatory focus on securing OT networks is really just getting started with requirements from agencies ranging from the Energy Department to the Transportation Security Administration to the Department of Health and Human Services.

“We’re working with a healthcare client today that has been utilizing a tool set to scan an OT or a medical internet of things (IoT) network. But you run into challenges. This particular client had been using a tool set that was misidentifying infusion pumps and calling them printers. So imagine if you’re in a hospital setting and somebody pushes a printer patch to your infusion pump. Now we’re talking about critical lifesaving issues, and so you need to make sure that you have that education and by working with vendors who are experts in the field, who’ve spent so much time working with these devices, assets, understand how they talk, because they talk different languages than IT devices,” she said. “This is something that we have got to wrap our heads around, and we’ve got to start working on.”

Hackers using AI tools

Young said the example she gave was part of a test environment, but it showed why it’s necessary for the CIO office on down to understand how the attack surface is expanding.

And now, with threat actors taking more and more advantage of AI and large language models to look for cyber vulnerabilities, especially in OT systems, Meyer said the challenge of protecting these networks continues to grow.

“All of a sudden they’re like, ‘wait a minute, I can work this large language model to do this attack for me using the skills that I already have?’ I’m going to train these large language models of what the attack patterns are, and then leverage what it knows about OT and incorporate that into their playbooks,” he said. “The challenge with [protecting these OT networks] is these tools are constantly updating, and then they’re not proactively seeing the internal network very well, or they’re not aware they don’t know what they don’t know. So the whole idea of how can you proactively let a leadership team and an operational team proactively know what the unknowns are? The tools that Claroty and Axonius provide, when combined together as one holistic view, can collectively let the OT teams and the IT teams see the same level of landscape.”
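The misidentified-infusion-pump story above and Meyer's point about giving OT and IT teams "the same level of landscape" come down to one check: does what a device says on the wire agree with what the inventory calls it, and is anything on the network missing from the inventory altogether? The script below is an added illustration of that reconciliation, not code from the article, Claroty or Axonius. The device records and the protocol-to-class mapping are constructed sample data; the classes, the `IT_PATCHABLE` set and the function names are assumptions made for the example.

```python
"""Reconcile an IT scanner's device classes against protocols observed on an OT segment.

Added example (not from the article or either vendor). All records below are constructed.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed IT-scanner view: one record deliberately mislabels a pump as a printer,
# and one HMI is recorded as an ordinary workstation.
IT_SCAN: List[dict] = [
    {"ip": "10.1.0.5",  "hostname": "prt-ward3",  "class": "printer"},
    {"ip": "10.1.0.9",  "hostname": "pump-icu-2", "class": "printer"},      # misidentified
    {"ip": "10.1.0.12", "hostname": "hmi-boiler", "class": "workstation"},  # really an ICS endpoint
]

# Constructed passive-observation view of the same segment (what each IP actually speaks).
OT_OBSERVED: List[dict] = [
    {"ip": "10.1.0.5",  "protocols": ["ipp", "snmp"]},
    {"ip": "10.1.0.9",  "protocols": ["hl7", "dicom"]},
    {"ip": "10.1.0.12", "protocols": ["modbus"]},
    {"ip": "10.1.0.20", "protocols": ["bacnet"]},   # absent from the IT scan entirely
]

# Hypothetical mapping from application protocol to device class (assumption for the example).
PROTOCOL_CLASS: Dict[str, str] = {
    "ipp": "printer",
    "hl7": "medical_device",
    "dicom": "medical_device",
    "modbus": "ics",
    "bacnet": "building_automation",
}

# Device classes the IT patch pipeline is allowed to touch (assumption for the example).
IT_PATCHABLE = {"printer", "workstation"}


@dataclass(frozen=True)
class Finding:
    ip: str
    inventory_class: Optional[str]  # what the IT scanner recorded, if anything
    observed_class: Optional[str]   # what the observed protocols imply, if anything
    status: str                     # "consistent" | "conflict" | "unmanaged" | "unknown"


def infer_class(protocols: List[str]) -> Optional[str]:
    """Derive a device class from observed protocols; None if nothing is recognised,
    "ambiguous" if the protocols point at more than one class."""
    classes = {PROTOCOL_CLASS[p] for p in protocols if p in PROTOCOL_CLASS}
    if not classes:
        return None
    if len(classes) > 1:
        return "ambiguous"
    return classes.pop()


def reconcile(it_scan: List[dict], ot_observed: List[dict]) -> Dict[str, Finding]:
    """Compare every observed device against the IT inventory and classify the disagreement."""
    inventory = {rec["ip"]: rec for rec in it_scan}
    findings: Dict[str, Finding] = {}
    for rec in ot_observed:
        inv = inventory.get(rec["ip"])
        observed = infer_class(rec["protocols"])
        if inv is None:
            status = "unmanaged"        # on the wire but unknown to the IT side
        elif observed is None:
            status = "unknown"          # inventoried but we could not fingerprint it
        elif observed == inv["class"]:
            status = "consistent"
        else:
            status = "conflict"         # the two views disagree: do not trust either blindly
        findings[rec["ip"]] = Finding(rec["ip"], inv["class"] if inv else None, observed, status)
    return findings


def patch_allowed(finding: Finding) -> bool:
    """Gate an IT-style patch: only when both views agree the device is an IT-class asset."""
    return finding.status == "consistent" and finding.inventory_class in IT_PATCHABLE


if __name__ == "__main__":
    for ip, f in sorted(reconcile(IT_SCAN, OT_OBSERVED).items()):
        print(f"{ip:<11} inventory={f.inventory_class!s:<12} observed={f.observed_class!s:<19} "
              f"{f.status:<10} patch_ok={patch_allowed(f)}")
```

Run as-is, the mislabelled pump at 10.1.0.9 and the HMI at 10.1.0.12 come back as conflicts and are refused by `patch_allowed`, while 10.1.0.20 surfaces as an unmanaged device the IT scan never saw. The point of keeping the two views separate rather than merging them is that a conflict is itself the finding: the scanner's class is not overwritten, it is queued for a human who knows the device.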

Copyright © 2025 Federal News Network. All rights reserved.