While the typical CEO, IT director, or plant manager feels quite confident that they have a security system that keep the foxes away from their IT coop, many have no idea that there is a viper coiled, ready to strike at their unprotected plant, grid, refinery, or other critical infrastructure where they deploy Operational Technology (OT). Why? First of all, many aren?t aware that and how their control system innovations can be exploited.

Perhaps the most famous hack on an OT-based critical infrastructure system is that of a German factory. On December 2014, the BBC reported, ?A blast furnace at a German steel mill suffered ?massive damage? following a cyber attack on the plant?s network, says a report from the German Federal Office for Information Security (BSI). It said attackers used booby-trapped emails to steal logins that gave them access to the mill?s control systems. This led to parts of the plant failing and meant a blast furnace could not be shut down as normal. The unscheduled shutdown of the furnace caused the damage, said the report.? (http://www.bbc.com/news/technology-30575104)

And, only recently, it was learned that breaches to the operation of a dam outside of New York had been attributed to Iranian-based hackers (http://www.cnn.com/2015/12/21/politics/iranian-hackers-new-york-dam/).

?But We Have a Very Robust IT Cyber Security System!?

You probably do but it isn?t protecting you critical infrastructure. Here are five reasons why:

1.