{"id":183280,"date":"2026-01-29T06:55:00","date_gmt":"2026-01-29T11:55:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/01\/29\/survey-of-100-energy-systems-reveals-critical-ot-cybersecurity-gaps\/"},"modified":"2026-01-31T08:50:27","modified_gmt":"2026-01-31T13:50:27","slug":"survey-of-100-energy-systems-reveals-critical-ot-cybersecurity-gaps","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/01\/29\/survey-of-100-energy-systems-reveals-critical-ot-cybersecurity-gaps\/","title":{"rendered":"Survey of 100+ Energy Systems Reveals Critical OT Cybersecurity Gaps"},"content":{"rendered":"<p><a href=\"https:\/\/thehackernews.com\/2026\/01\/survey-of-100-energy-systems-reveals.html\">Survey of 100+ Energy Systems Reveals Critical OT Cybersecurity Gaps<\/a><\/p>\n<p>Source: <a href=\"https:\/\/thehackernews.com\/2026\/01\/survey-of-100-energy-systems-reveals.html\">https:\/\/thehackernews.com\/2026\/01\/survey-of-100-energy-systems-reveals.html<\/a><\/p>\n<p>Publish Date: 2026-01-29 06:55:00<\/p>\n<p>Source Domain: thehackernews.com<\/p>\n<p>A study by OMICRON has revealed widespread cybersecurity gaps in the operational technology (OT) networks of substations, power plants, and control centers worldwide. Drawing on data from more than 100 installations, the analysis highlights recurring technical, organizational, and functional issues that leave critical energy infrastructure vulnerable to cyber threats.<br \/>\nThe findings are based on several years of deploying OMICRON&#8217;s intrusion detection system (IDS) StationGuard in protection, automation, and control (PAC) systems. The technology, which monitors network traffic passively, has provided deep visibility into real-world OT environments. 
The results underscore the growing attack surface in energy systems and the challenges operators face in securing aging infrastructure and complex network architectures.<\/p>\n<p>Connection of an IDS in PAC systems (circles indicate mirror ports)<br \/>\nStationGuard deployments, often carried out during security assessments, revealed vulnerabilities such as unpatched devices, insecure external connections, weak network segmentation, and incomplete asset inventories. In many cases, these security weaknesses were identified within the first 30 minutes of connecting to the network. Beyond security risks, the assessments also uncovered operational issues like VLAN misconfigurations, time synchronization errors, and network redundancy problems.<br \/>\nIn addition to technical shortcomings, the findings point to organizational factors that contribute to these risks \u2014 including unclear responsibilities for OT security, limited resources, and departmental silos. These findings reflect a growing trend across the energy sector: IT and OT environments are converging rapidly, yet security measures often fail to keep pace. How are utilities adapting to these complex risks, and what gaps remain that could leave critical systems exposed?<br \/>\nWhy OT Networks Need Intrusion Detection<br \/>\nThe ability to detect security incidents is an integral part of most security frameworks and guidelines, including the NIST Cybersecurity Framework, IEC 62443, and the ISO 27000 standard series. In substations, power plant control systems, and control centers, many devices operate without standard operating systems, making it impossible to install endpoint detection software. In such environments, detection capabilities must be implemented at the network level.<br \/>\nOMICRON&#8217;s StationGuard deployments typically use network mirror ports or Ethernet TAPs to passively monitor communication. 
Besides detecting intrusions and cyber threats, the IDS technology provides key benefits, including:<\/p>\n<p>Visualization of network communication<br \/>\nIdentification of unnecessary services and risky network connections<br \/>\nAutomatic asset inventory creation<br \/>\nDetection of device vulnerabilities based on this inventory<\/p>\n<p>Assessing Risks: Methodology Behind the Findings<br \/>\nThe report is based on years of IDS installations. The first installation dates back to 2018. Since then, several hundred installations and security assessments have been conducted at substations, power plants, and control centers in dozens of countries. The findings are grouped into three categories:<\/p>\n<p>Technical security risks<br \/>\nOrganizational security issues<br \/>\nOperational and functional problems<\/p>\n<p>In most cases, critical security and operational issues were detected within minutes of connecting the IDS to the network.<br \/>\nTypically, sensors were connected to mirror ports on OT networks, often at gateways and other critical network entry points, to capture the key communication flows. In many substations, bay-level monitoring was not required: GOOSE is multicast and is flooded throughout its VLAN, so the same traffic was already visible at the station-level mirror port.<br \/>\nHidden Devices and Asset Blind Spots<br \/>\nAccurate asset inventories are essential for securing complex energy systems. Creating and maintaining such inventories manually is time-consuming and error-prone. To address this, OMICRON used both passive and active methods for automated asset discovery.<br \/>\nPassive asset identification draws on the observed traffic and on the existing substation configuration description (SCD) files, written in the System Configuration description Language (SCL) standardized in IEC 61850-6, which contain detailed device information. 
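<\/p>\n<p>The passive half of that inventory can be built directly from the SCD. The following is an added example written for this page, not OMICRON code and not how StationGuard is implemented: it constructs a small hypothetical SCD with the ElementTree API (the IED names, vendors and addresses are invented), then reads the IED nameplate attributes and the IP address from the Communication section. It also shows the gap the passive pass leaves: SCL has no element for the firmware a device is actually running, so that field stays empty and the device is listed as a candidate for an active query.<\/p>

```python
import xml.etree.ElementTree as ET

SCL_NS = 'http://www.iec.ch/61850/2003/SCL'

def q(tag):
    # Clark-notation name for an element in the IEC 61850-6 SCL namespace
    return '{' + SCL_NS + '}' + tag

def build_sample_scd():
    # Constructed SCD excerpt for a hypothetical station (not from any real
    # installation): one station bus with a protection relay and a bay controller.
    scl = ET.Element(q('SCL'), {'version': '2007', 'revision': 'B'})
    comm = ET.SubElement(scl, q('Communication'))
    sub = ET.SubElement(comm, q('SubNetwork'), {'name': 'StationBus', 'type': '8-MMS'})
    for ied_name, ip in (('PROT_E1Q1', '10.0.10.11'), ('CTRL_E1Q1', '10.0.10.12')):
        cap = ET.SubElement(sub, q('ConnectedAP'), {'iedName': ied_name, 'apName': 'P1'})
        addr = ET.SubElement(cap, q('Address'))
        ET.SubElement(addr, q('P'), {'type': 'IP'}).text = ip
        ET.SubElement(addr, q('P'), {'type': 'IP-SUBNET'}).text = '255.255.255.0'
    ET.SubElement(scl, q('IED'), {'name': 'PROT_E1Q1', 'manufacturer': 'VendorA',
                                  'type': 'RelayX', 'configVersion': '1.3'})
    # The second IED deliberately lacks configVersion, as many vendor exports do.
    ET.SubElement(scl, q('IED'), {'name': 'CTRL_E1Q1', 'manufacturer': 'VendorB',
                                  'type': 'BayCtrlY'})
    return ET.tostring(scl)

def parse_scd_inventory(scd_bytes):
    # Passive inventory: name, vendor and model come from <IED>; the IP comes from
    # Communication/SubNetwork/ConnectedAP/Address/P[@type=IP]. SCL carries no field
    # for the firmware actually running on the device, so it stays None here and
    # must come from an active MMS nameplate read (not shown: it needs a live device).
    root = ET.fromstring(scd_bytes)
    ip_by_ied = {}
    for cap in root.iter(q('ConnectedAP')):
        for p in cap.iter(q('P')):
            if p.get('type') == 'IP':
                ip_by_ied[cap.get('iedName')] = p.text
    inventory = []
    for ied in root.iter(q('IED')):
        name = ied.get('name')
        inventory.append({
            'name': name,
            'manufacturer': ied.get('manufacturer', 'unknown'),
            'model': ied.get('type', 'unknown'),
            'config_version': ied.get('configVersion', 'unknown'),
            'ip': ip_by_ied.get(name),
            'firmware': None,
        })
    return inventory

def needs_active_query(inventory):
    # Devices the passive pass could not fully describe: candidates for an MMS read
    return [d['name'] for d in inventory if d['firmware'] is None or d['ip'] is None]

if __name__ == '__main__':
    for device in parse_scd_inventory(build_sample_scd()):
        print(device)
```

<p>On a real SCD the same two loops work unchanged; the only difference is that an IED may have several ConnectedAP entries (one per access point), in which case the inventory should keep all of them rather than the last one seen.<\/p>\n<p>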
However, passive monitoring alone proved insufficient in many cases, because essential data such as firmware versions are never transmitted in normal PAC communication.<br \/>\nActive querying, on the other hand, uses MMS reads of the device nameplate objects (the LPHD PhyNam and LLN0 NamPlt data objects) to retrieve device names, manufacturers, model numbers, firmware versions, and sometimes even hardware identifiers. These reads are non-intrusive, but unlike passive monitoring they do inject traffic into a protection network, so they should be agreed with the operator and scheduled rather than run ad hoc. This combination of passive and active techniques provided a comprehensive asset inventory across installations.<\/p>\n<p>Example of device information retrievable via SCL and MMS active querying<br \/>\nWhich Technical Cybersecurity Risks Are Most Common?<br \/>\nOMICRON&#8217;s analysis identified several recurring technical issues across energy OT networks:<\/p>\n<p>Vulnerable PAC devices:<br \/>\nMany PAC devices were found to be operating with outdated firmware containing known vulnerabilities. A notable example is CVE-2015-5374, a denial-of-service flaw in Siemens SIPROTEC 4 and SIPROTEC Compact relays with the EN100 Ethernet module: a single crafted UDP packet to port 50000 puts the relay into a defect mode from which only a manual restart recovers it. Although patches have been available since 2015, numerous devices remain unpatched. Similar vulnerabilities in GOOSE implementations and MMS protocol stacks pose additional risks.<br \/>\nRisky external connections:<br \/>\nIn several installations, undocumented external TCP\/IP connections were found, in some cases exceeding 50 persistent connections to external IP addresses from a single substation.<br \/>\nUnnecessary insecure services:<br \/>\nCommon findings included unused Windows file sharing services (NetBIOS), IPv6 enabled on devices that do not use it, license management services running with elevated privileges, and unsecured PLC debugging functions.<br \/>\nWeak network segmentation:<br \/>\nMany facilities operated as a single large flat network, allowing unrestricted communication between hundreds of devices. In some cases, even office IT networks were reachable from remote substations. 
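<\/p>\n<p>Three of the findings above (undocumented external connections, unnecessary services, and a flat network that reaches the office) can be checked from nothing more than flow records taken off a mirror port. The code below is an added example for this page, not OMICRON code and not StationGuard logic: it runs over a constructed set of flow records (hypothetical addresses, not a real capture) and a small policy consisting of the substation prefix, the office prefix and the documented external endpoints, and returns each class of finding separately so the threshold for what counts as persistent can be tuned.<\/p>

```python
import ipaddress

# Destination ports that usually mean an unnecessary or insecure service on a
# substation network; the article names Windows file sharing (NetBIOS) explicitly.
INSECURE_SERVICES = {137: 'netbios-ns', 138: 'netbios-dgm', 139: 'netbios-ssn',
                     445: 'smb', 21: 'ftp', 23: 'telnet', 80: 'http'}

# Constructed flow records as a passive sensor on a gateway mirror port would
# summarise them (hypothetical addresses, not a real capture):
# (source, destination, protocol, destination port, seconds the flow persisted)
SAMPLE_FLOWS = [
    ('10.0.10.11', '10.0.10.1', 'tcp', 102, 86400),      # relay -> gateway, MMS
    ('10.0.10.12', '10.0.10.1', 'tcp', 102, 86400),      # bay controller -> gateway, MMS
    ('10.0.10.1', '192.0.2.50', 'tcp', 2404, 86400),     # gateway -> control centre, IEC 104
    ('10.0.10.1', '198.51.100.9', 'tcp', 443, 7200),     # undocumented, long-lived
    ('10.0.10.1', '198.51.100.9', 'tcp', 8443, 7200),    # undocumented, long-lived
    ('10.0.10.30', '10.0.10.255', 'udp', 137, 0),         # NetBIOS name broadcast
    ('10.0.10.30', '10.0.10.12', 'tcp', 445, 30),         # SMB to a bay controller
    ('10.0.10.30', '10.0.20.15', 'tcp', 445, 30),         # reaches the office network
    ('fe80::1', 'ff02::1', 'icmpv6', 0, 0),              # IPv6 active although unused
]

def in_any(addr, nets):
    return any(addr in net for net in nets)

def analyse_flows(flows, substation_nets, office_nets, documented_external,
                  persistent_seconds=3600):
    # substation_nets / office_nets: CIDR strings. documented_external: addresses
    # the substation is allowed to talk to (control centre, documented remote access).
    substation = [ipaddress.ip_network(n) for n in substation_nets]
    office = [ipaddress.ip_network(n) for n in office_nets]
    documented = {ipaddress.ip_address(a) for a in documented_external}
    external = {}
    insecure = []
    office_reachable = []
    ipv6_hosts = set()
    for src, dst, proto, port, seconds in flows:
        s = ipaddress.ip_address(src)
        d = ipaddress.ip_address(dst)
        if s.version == 6 or d.version == 6:
            ipv6_hosts.add(src)        # IPv6 should be disabled where it is not needed
            continue
        if not in_any(d, substation) and not in_any(d, office):
            # leaves the substation: fine if documented, a finding if not and persistent
            if d not in documented and seconds >= persistent_seconds:
                external.setdefault(dst, []).append((proto, port))
        if in_any(s, substation) and in_any(d, office):
            office_reachable.append((src, dst, port))   # flat-network symptom
        if port in INSECURE_SERVICES:
            insecure.append((src, dst, INSECURE_SERVICES[port]))
    return {'external': external, 'insecure_services': insecure,
            'office_reachable': office_reachable, 'ipv6': sorted(ipv6_hosts)}

if __name__ == '__main__':
    result = analyse_flows(SAMPLE_FLOWS, ['10.0.10.0/24'], ['10.0.20.0/24'], ['192.0.2.50'])
    for key, value in result.items():
        print(key, value)
```

<p>The point of keeping the documented endpoints in the policy rather than in the code is that the same run then doubles as a check of the documentation: every address that shows up under external is either a connection nobody wrote down or a line missing from the network documentation, and both are worth a ticket.<\/p>\n<p>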
Such a flat architecture significantly increases the impact radius of any incident, because nothing stops a compromised host from reaching every device.<br \/>\nUnexpected devices:<br \/>\nUntracked IP cameras, printers, and even automation devices frequently appeared on networks without being documented in asset inventories, creating serious blind spots for defenders.<\/p>\n<p>The Human Factor: Organizational Weaknesses in OT Security<br \/>\nBeyond technical flaws, OMICRON also observed recurring organizational challenges that exacerbate cyber risk. These include:<\/p>\n<p>Departmental boundaries between IT and OT teams<br \/>\nLack of dedicated OT security personnel<br \/>\nResource constraints limiting the implementation of security controls<\/p>\n<p>In many organizations, IT departments remain responsible for OT security \u2014 a model that often struggles to address the unique requirements of energy infrastructure.<\/p>\n<p>When Operations Fail: Functional Risks in Substations<br \/>\nThe IDS deployments also revealed a range of operational problems unrelated to direct cyber threats but still affecting system reliability. 
The most common were:<\/p>\n<p>VLAN issues were by far the most frequent, typically GOOSE messages carrying a different VLAN ID, or no 802.1Q tag at all, on different parts of the network.<br \/>\nRTU and SCD mismatches led to broken communication between devices, preventing SCADA updates in several cases.<br \/>\nTime synchronization errors ranged from simple misconfigurations to devices operating with incorrect time zones or default timestamps.<br \/>\nNetwork redundancy issues involving RSTP loops and misconfigured switch chips caused severe performance degradation in some installations.<\/p>\n<p>These operational weaknesses not only impact availability but can also amplify the consequences of cyber incidents.<br \/>\nFunctional-monitoring alert messages<br \/>\nWhat Can Utilities Learn from These Findings?<br \/>\nThe analysis of over 100 energy facilities highlights the urgent need for robust, purpose-built security solutions that are designed for the unique challenges of operational technology environments.<br \/>\nWith its deep protocol understanding and asset visibility, the StationGuard Solution provides security teams with the transparency and control needed to protect critical infrastructure. Its built-in allowlisting detects even subtle deviations from expected behavior, while its signature-based detection identifies known threats in real time.<br \/>\nThe system&#8217;s ability to monitor both IT and OT protocols \u2014 including IEC 60870-5-104, MMS, GOOSE, and more \u2014 allows utilities to detect and respond to threats at every layer of their substation network. Combined with features like automated asset inventories, role-based access control, and integration into existing security workflows, StationGuard enables organizations to strengthen resilience without disrupting operations.<br \/>\nTo learn more about how StationGuard supports utilities in closing these critical security gaps, visit our website.<\/p>\n<p>
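<\/p>\n<p>The GOOSE VLAN inconsistencies listed under functional risks are a good illustration of why an IDS that understands the SCD can catch operational faults as well as attacks. The block below is an added example for this page, not OMICRON code and not how StationGuard performs the check: it builds a few constructed GOOSE frames (invented MAC addresses and APPIDs), parses the Ethernet header, the optional 802.1Q tag and the GOOSE APPID, and compares each frame against the VLAN ID and priority an SCD declares per GOOSE control block in its GSE Address element. Untagged frames, frames on the wrong VLAN, and APPIDs the SCD does not know are each reported separately.<\/p>

```python
GOOSE_ETHERTYPE = 0x88B8
VLAN_TPID = 0x8100

def make_goose_frame(dst_mac, src_mac, appid, vlan=None, prio=4):
    # Constructed GOOSE frame: Ethernet header, optional 802.1Q tag, GOOSE header
    # (APPID, Length, two reserved words) and a truncated placeholder APDU.
    apdu = bytes.fromhex('6100')            # goosePdu tag only; real APDUs are longer
    frame = bytes.fromhex(dst_mac) + bytes.fromhex(src_mac)
    if vlan is not None:
        tci = (prio << 13) | vlan
        frame += VLAN_TPID.to_bytes(2, 'big') + tci.to_bytes(2, 'big')
    frame += GOOSE_ETHERTYPE.to_bytes(2, 'big')
    frame += appid.to_bytes(2, 'big') + (8 + len(apdu)).to_bytes(2, 'big') + bytes(4) + apdu
    return frame

def parse_goose_frame(frame):
    # Returns the fields the VLAN check needs, or None for a non-GOOSE frame.
    ethertype = int.from_bytes(frame[12:14], 'big')
    vlan = None
    prio = None
    offset = 14
    if ethertype == VLAN_TPID:
        tci = int.from_bytes(frame[14:16], 'big')
        prio = tci >> 13                     # PCP: 3 bits
        vlan = tci & 0x0FFF                  # VID: 12 bits
        ethertype = int.from_bytes(frame[16:18], 'big')
        offset = 18
    if ethertype != GOOSE_ETHERTYPE:
        return None
    return {'dst': frame[0:6].hex(':'), 'src': frame[6:12].hex(':'),
            'vlan': vlan, 'prio': prio,
            'appid': int.from_bytes(frame[offset:offset + 2], 'big')}

def check_goose_vlans(frames, expected):
    # expected: APPID -> {'vlan', 'prio'}, the values an SCD declares per GOOSE
    # control block in <GSE><Address> as P elements of type VLAN-ID and VLAN-PRIORITY.
    alerts = []
    for frame in frames:
        g = parse_goose_frame(frame)
        if g is None:
            continue
        exp = expected.get(g['appid'])
        if exp is None:
            alerts.append((g['src'], g['appid'], 'APPID not in SCD'))
        elif g['vlan'] is None:
            alerts.append((g['src'], g['appid'], 'untagged GOOSE frame'))
        elif g['vlan'] != exp['vlan']:
            alerts.append((g['src'], g['appid'],
                           'VLAN ' + str(g['vlan']) + ', SCD says ' + str(exp['vlan'])))
        elif g['prio'] != exp['prio']:
            alerts.append((g['src'], g['appid'],
                           'priority ' + str(g['prio']) + ', SCD says ' + str(exp['prio'])))
    return alerts

# Constructed expectations (as if read from a hypothetical SCD) and captured frames
EXPECTED = {0x0001: {'vlan': 101, 'prio': 4}, 0x0002: {'vlan': 102, 'prio': 4}}
SAMPLE_FRAMES = [
    make_goose_frame('010ccd010001', '001122334401', 0x0001, vlan=101),   # correct
    make_goose_frame('010ccd010002', '001122334402', 0x0002),             # untagged
    make_goose_frame('010ccd010001', '001122334401', 0x0001, vlan=1),     # wrong VLAN
    make_goose_frame('010ccd010003', '001122334403', 0x0003, vlan=103),   # not in SCD
    bytes.fromhex('ffffffffffff0011223344aa0806') + bytes(28),            # ARP, ignored
]

if __name__ == '__main__':
    for alert in check_goose_vlans(SAMPLE_FRAMES, EXPECTED):
        print(alert)
```

<p>Two practical caveats when running something like this on a real mirror port: a switch configured to strip tags on the mirror destination makes every frame look untagged, so the sensor port must be a trunk that preserves 802.1Q headers, and the same APPID legitimately appears with different tags only if the SCD itself declares it that way, which is exactly the kind of mismatch between SCD and network that the assessments reported.<\/p>\n<p>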
This article is a contributed piece from one of our valued partners.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Survey of 100+ Energy Systems Reveals Critical OT Cybersecurity Gaps https:\/\/thehackernews.com\/2026\/01\/survey-of-100-energy-systems-reveals.html Publish Date: 2026-01-29 06:55:00&#8230;<\/p>\n","protected":false},"author":1,"featured_media":183281,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhndro6YfGYXSFh-wAT7XEfHLAjm5fzAlSj4nIw5XpxVdKfWDNMBz5PsrZaDPUkm_nUv8jTBBEq_-SprE2qSvV3-ennuzMFmLXU6m6v9Y9Tx_6SzEu2DRUinDU_qeTkdK6fvGS4IbkBl7YCsfyWFgrKKDlxZWDTpSLrN3psyCfZ2iNDcZFhqX4dLXuk8os\/s1700-e365\/2025-hackernews-100-energy-systems-FeaturedImage-728x380.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24,27],"class_list":["post-183280","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/183280"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=183280"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/183280\/revisions"}],"predecessor-version":[{"id":183282,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/183280\/revisions\/183282"}],"wp:featured
media":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/183281"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=183280"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=183280"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=183280"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}