
OT Security Gains Urgency Across India’s Critical Infrastructure: Pritam Shah, Inspira Enterprise

As India accelerates digitisation across critical infrastructure sectors, operational technology (OT) security is emerging as a top priority for enterprises and regulators alike. In an interaction with TAM, Pritam Shah, Global Practice Head – OT Security and Data Security at Inspira Enterprise, highlights how evolving cyber threats, legacy systems, and increasing IT-OT convergence are reshaping the security landscape. He shares insights on why traditional IT security approaches fall short in OT environments, the growing sophistication of attacks on industrial systems, and the urgent need for resilient, AI-driven security frameworks.

TAM: What’s driving the sharp rise in OT security prioritization across India’s critical infrastructure sectors right now?

Pritam Shah: There are several factors contributing to the sharp increase in OT security prioritization across critical infrastructure in India. Systems deployed across airports, healthcare institutions, pharmaceutical facilities, and manufacturing environments are prime targets for cyberattacks, as threat actors are well aware that much of this infrastructure relies on legacy technologies. Today, with stricter government regulatory mandates such as specific guidelines for IT/OT security from the Central Electricity Authority and other regulatory bodies, the demand for OT security is increasing.

A significant rise in cyberattacks targeting critical infrastructure is also driven by geopolitical tensions and cross-border conflicts India has with some of its neighbors, and the systems have to be kept secure. Large-scale digitization of OT environments is gaining traction, and threat profiles are shifting from traditional cyberespionage to description-oriented attacks, which are now prevalent and are driving the growth of OT security.

TAM: Where do traditional IT security strategies fall short when applied to OT environments?

Pritam Shah: A fundamental difference between IT and OT security is the priority. In IT security, confidentiality is primary, integrity comes second, followed by availability with lesser priority to downtime of the systems. However, in OT security, availability takes precedence and is far more critical than confidentiality or integrity. Manufacturing can plan more downtime with the IT systems than with the OT systems, as the latter directly correlate with the revenues. Standard IT practices like rebooting, patching, or aggressive scanning are not implemented in OT, as they will impact revenue generation due to system shutdown.

There is a common misconception within the manufacturing workforce that OT environments are fully air-gapped from IT systems, which is no longer true. Additionally, a significant protocol gap exists, with IT relying on secure communication protocols and OT often operating on less secure ones. This fundamental difference makes the two environments inherently distinct, and traditional IT strategies do not translate effectively into OT settings. 

TAM: How have cyberattacks targeting ICS and SCADA systems evolved in terms of sophistication and impact?

Pritam Shah: Cyberattacks targeting ICS and SCADA systems have evolved dramatically over the last two decades, both in technical sophistication and real-world impact. Earlier, both these systems were air-gapped, and attacks were few, with threats from malware through USB devices being observed. However, the rise in IT-OT convergence and the connectivity through the internet exposed ICS to broader attack surfaces. Today, the attacks are more targeted, impacting supply chains and infrastructure. Real-world impact includes multiple attacks on Ukraine’s power grid last year, leading to outages.

Similarly, Jaguar Land Rover shut down UK production lines for over 10 days to protect the IT systems from damage. With the growing adoption of web-based SCADA systems, the attack surface has expanded, making them easier targets for threat actors. This includes potential compromises of service provider infrastructure, which can result in widespread disruptions. Attacks continue to evolve, where protocol-level attacks, SQL injections, and cloud-based attacks are getting more sophisticated, with technical IT systems failing to detect them. ICS/SCADA cyberattacks have evolved from low-impact IT spillover to highly targeted and destructive cyber-physical operations.

TAM: What are the most effective ways to secure legacy industrial systems without causing operational disruption?

Pritam Shah: It is almost a challenge to patch OT systems unless there is downtime; however, fairly strong controls can be implemented around unpatchable systems. Some of the effective non-disruptive security strategies include network segmentation, where legacy systems can be isolated into tightly controlled, smaller zones rather than having them distributed throughout the plant. Legacy systems, such as Windows XP and Windows 10, are highly insecure but still predominantly used, and unfortunately, OEMs also cannot support these. So, passive monitoring of network traffic and detecting any threats is another critical solution, along with the passive asset discovery of all OT devices that are present on the network.

Based on the identified vulnerabilities, it is essential to prioritize risk by assessing which systems are most critical, and then securing them through measures such as network segmentation, hardware-based access controls, and additional isolation using virtual patching techniques like VLANs and firewalls. Application whitelisting and implementing Identity and Access Management Solutions for secured remote access, privileged remote access, and machine-level access should be well defined and are important. It is therefore crucial to deploy layers of protection and layers of control to the OT systems before any access is provided to the crown jewels.

TAM: How is AI enabling faster and more accurate threat detection in complex OT environments?

Pritam Shah: There are two ways we look at AI enabling in the OT environment – Cybersecurity for AI and AI for Cybersecurity. On the defense side, the gains are very substantial because AI-enabled security operations can lead to about 90% of rationalizations of alerts that come through. Identifying false positives from the generated alerts of the OT systems can reduce alert fatigue of analysts. At Inspira, we have AI-powered operations where 80% to 90% of these false alerts are eliminated, enabling analysts to focus on real incidents and not waste time on false positives and repetitive alerts. 

Furthermore, today’s anomaly detection devices inherently come with AI algorithms embedded, which have far better detection capabilities compared to the ones used in the past. Inspira’s AI-driven ASM models help ensure that no organizational devices are publicly exposed, safeguarding digital assets and strengthening overall security. At the same time, AI-driven attacks are rapidly evolving and cannot be overlooked, particularly given the low barriers to entry for exploiting OT environments, especially when systems are publicly exposed.

TAM: As industrial networks become more connected, what should organizations prioritize to build a resilient OT security posture?

Pritam Shah: First and foremost, organizations should prioritize visibility of all OT assets, data, networks, and protocols that are being used, because only what is known and visible can be protected. Architectural separation is a critical consideration within OT environments, ensuring that systems with similar risk profiles are grouped into distinct zones, and that data flows between logical and physical layers are tightly controlled.

Integrating OT risks into the broader enterprise risk management strategy is equally important and should not be overlooked. Implementing a Zero Trust architecture in OT environments, supported by well-defined policies and procedures, can significantly strengthen an organization’s security posture. Additionally, a robust incident response and recovery framework is essential to effectively address potential attacks on OT systems, and embedding security by design enhances the resilience of OT infrastructure.

Managing data flow from OT to IT, for analytics, AI model training, or digital twins, is equally critical, particularly with real-time data in play. With IT–OT convergence, traditional air gaps are no longer viable, making secure, well-governed workflow automation essential. 

TAM: From your experience at Inspira Enterprise, what are the most common gaps you’re seeing in OT security implementations across Indian enterprises, and how can organizations address them quickly without large-scale overhauls?

Pritam Shah: The first gap that is observed in OT security implementation is the governance gap, where OT sits in a fragmented regulatory space, and the adoption differs very widely across sectors, although many end users are implementing global standards. Many facilities prioritize physical resilience and operational continuity while giving limited attention to identity controls, command verification of what is being sent to PLCs, and the monitoring of engineering actions, such as changes in program and configuration.

The second challenge is the visibility gap, as most Indian manufacturing sites do not have a comprehensive inventory of all the assets that are present in their environment. Significant skill gaps persist within OT environments, including cultural, technical, cybersecurity, and AI-related challenges, and addressing them requires a clear mindset shift at the leadership level.

Many organizations prioritize quick wins to boost production with minimal changes, often without fully understanding the potential risks, including exposure to exploitation by competitors or threat actors through techniques such as prompt engineering. Conducting rigorous, OT-specific tabletop incident response exercises is equally critical. Moreover, investment in OT security must be on par with IT, and organizations in India need to move beyond the outdated assumption that OT and IT systems remain air-gapped in today’s highly interconnected landscape.
