If your operation relies on industrial control equipment, a new advisory from the U.S. Cybersecurity and Infrastructure Security Agency (CISA) is a clear reminder: internet-facing OT devices are being actively targeted.
CISA, alongside federal partners, published advisory AA26-097A describing Iranian-affiliated cyber actors exploiting internet-connected programmable logic controllers (PLCs). The affected devices include Rockwell Automation/Allen-Bradley PLCs used in many manufacturing and utility contexts. The takeaway: these OT components, once talked about as isolated, are now within reach of opportunistic attackers who can move laterally if not properly protected.
Details are published in the advisory and related vendor notices. If you manage OT networks, it’s worth reviewing the mitigations and applying any recommended updates promptly. You can read the advisory here: AA26-097A.
Why it matters
OT devices like PLCs run critical processes in manufacturing, energy, healthcare facilities, and more. If these devices are exposed to the internet or poorly segmented from IT networks, attackers can disrupt operations, cause safety issues, or gain a foothold for broader intrusions.
For regular users on the business side, this means supply chains and production lines could be affected even if your own IT environment looks clean. For creators and small teams, it highlights the risk of connecting home infrastructure to test labs that host ICS software. IT-minded readers will recognize the need for a proper asset inventory, network segmentation, and monitored remote access.
Practical steps you can take now
- Inventory OT assets – Create an up-to-date list of PLCs, HMIs, and other OT devices, including vendor, model, firmware, and network location.
- Check firmware and apply patches – Review vendor advisories for affected models and apply firmware updates or mitigations as recommended.
- Segment OT from IT – Ensure a strong network boundary between OT networks and IT networks. Use firewalls, DMZs, and strict access controls.
- Limit remote access – Disable unnecessary remote management; require MFA and VPNs with restricted access for any remote connections.
- Harden and monitor – Disable unused services, enforce strong credentials, and enable logging and monitoring of OT protocols (for example, PLC communications) to spot anomalies.
- Establish an incident playbook – Update incident response plans to cover OT incidents, and run tabletop exercises with OT and IT teams.
- Stay informed – Regularly check CISA advisories and vendor notices for any new guidance on affected devices.
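The first, second, third and fifth steps above can be tied together in a small check that runs against your own inventory and firewall logs. The script below is an added example, not code from CISA, Rockwell or the advisory: it takes a constructed asset inventory, a placeholder table of minimum firmware versions (to be filled in from the vendor notice for each affected model), and a few constructed flow-log lines, then reports PLCs that are reachable on the EtherNet/IP port (TCP 44818) from anywhere other than an assumed engineering-workstation subnet (10.20.5.0/24), and PLCs whose firmware is below the recorded minimum. Device IDs, model names, IP addresses and the log format are all assumptions.

```python
import ipaddress
import re

# EtherNet/IP (CIP) listens on TCP 44818 on Rockwell controllers; add other
# OT protocol ports to this set as the inventory grows.
OT_PORTS = {44818}

# RFC 1918 ranges, used to separate internet sources from internal ones.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed inventory (step 1). Model names and firmware strings are
# placeholders, not real product or version identifiers.
INVENTORY = [
    {"id": "plc-01", "vendor": "Rockwell", "model": "EXAMPLE-PLC-A",
     "firmware": "31.011", "ip": "10.20.1.10", "zone": "OT"},
    {"id": "plc-02", "vendor": "Rockwell", "model": "EXAMPLE-PLC-B",
     "firmware": "21.002", "ip": "10.20.1.11", "zone": "OT"},
    {"id": "hmi-01", "vendor": "Example", "model": "EXAMPLE-HMI",
     "firmware": "2.4.0", "ip": "10.20.1.20", "zone": "OT"},
]

# Placeholder minimums (step 2): fill in from the vendor advisory per model.
ADVISORY_MINIMUM_FIRMWARE = {"EXAMPLE-PLC-A": "32.000", "EXAMPLE-PLC-B": "21.002"}

# Assumed: only the engineering-workstation subnet may talk to PLCs (step 3).
TRUSTED_SOURCES = [ipaddress.ip_network("10.20.5.0/24")]

# Constructed firewall flow records (step 5 logging); 203.0.113.0/24 is a
# documentation range standing in for an internet address.
FLOW_LOG = """\
2026-04-07T10:00:01Z src=203.0.113.45 dst=10.20.1.10 proto=tcp dport=44818 action=allow
2026-04-07T10:00:05Z src=10.20.5.7 dst=10.20.1.10 proto=tcp dport=44818 action=allow
2026-04-07T10:01:10Z src=10.10.3.22 dst=10.20.1.11 proto=tcp dport=44818 action=allow
2026-04-07T10:02:00Z src=10.20.5.7 dst=10.20.1.20 proto=tcp dport=443 action=allow
"""

FLOW_RE = re.compile(r"src=(?P<src>\S+) dst=(?P<dst>\S+) proto=(?P<proto>\S+) dport=(?P<dport>\d+)")


def parse_flow(line):
    """Return the fields of one flow record, or None if the line does not match."""
    m = FLOW_RE.search(line)
    if not m:
        return None
    fields = m.groupdict()
    fields["dport"] = int(fields["dport"])
    return fields


def classify_source(src, trusted):
    """trusted / untrusted-internal / external, based on the source address."""
    addr = ipaddress.ip_address(src)
    if any(addr in net for net in trusted):
        return "trusted"
    if any(addr in net for net in RFC1918):
        return "untrusted-internal"
    return "external"


def find_exposures(log_text, inventory, trusted=TRUSTED_SOURCES):
    """List (device id, source, verdict) for OT-port flows from non-trusted sources."""
    by_ip = {asset["ip"]: asset["id"] for asset in inventory}
    findings = []
    for line in log_text.splitlines():
        flow = parse_flow(line)
        if not flow or flow["dst"] not in by_ip or flow["dport"] not in OT_PORTS:
            continue
        verdict = classify_source(flow["src"], trusted)
        if verdict != "trusted":
            findings.append((by_ip[flow["dst"]], flow["src"], verdict))
    return findings


def version_tuple(version):
    """'31.011' -> (31, 11), so versions compare numerically, not as strings."""
    return tuple(int(part) for part in re.findall(r"\d+", version))


def outdated_devices(inventory, minimums=ADVISORY_MINIMUM_FIRMWARE):
    """Device ids whose model is listed and whose firmware is below the minimum."""
    return [asset["id"] for asset in inventory
            if asset["model"] in minimums
            and version_tuple(asset["firmware"]) < version_tuple(minimums[asset["model"]])]


if __name__ == "__main__":
    for device, src, verdict in find_exposures(FLOW_LOG, INVENTORY):
        print(f"{device}: OT-port connection from {src} ({verdict})")
    for device in outdated_devices(INVENTORY):
        print(f"{device}: firmware below advisory minimum")
```

On the constructed data this flags plc-01 as reached from an external address and plc-02 as reached from an internal but untrusted (IT) subnet, and reports plc-01 as running firmware below the placeholder minimum; the HMI's HTTPS traffic is ignored because 443 is not in the OT port set. Swapping in your real inventory export, the model/firmware table from the vendor notice, and your firewall's flow export turns this into a repeatable weekly check.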
Final thought
Security isn’t only about IT. If your environment includes internet-connected OT gear, you owe it to your team to treat it with the same vigilance as your other critical systems. Start with a quick asset inventory this week, then build a phased hardening plan. Small steps today can prevent bigger disruptions tomorrow.