Exploited: The Cyber Truth

The OT Mistakes Attackers Count On—And How to Fix Them Before They Do

  • S1E39
  • 31:16
  • February 12th 2026

In this episode of Exploited: The Cyber Truth, host Paul Ducklin is joined by RunSafe Security CEO Joseph M. Saunders and OT/ICS security expert Mike Holcomb, founder of UTILSEC, for a candid discussion about the weaknesses attackers exploit inside industrial environments.

Mike shares what he repeatedly finds during assessments of large OT and ICS networks: no effective firewall between IT and OT, flat networks with little segmentation, stale Windows domains, shared engineering credentials, exposed HMIs, and OT protocols that will accept commands from any reachable host. He explains how attackers move from IT into OT using familiar enterprise techniques before pivoting into PLCs, RTUs, safety systems, and historians.

Joe outlines why secure-by-design practices, higher software quality, and “secure by demand” procurement are critical to long-term resilience—especially as cloud connectivity and AI accelerate modernization in industrial environments.

Together, they explore:

  • Why a missing or misconfigured IT/OT firewall remains the most common and dangerous gap
  • How micro-segmentation and unidirectional architectures reduce blast radius
  • The risks of web-enabled HMIs and long-lived legacy systems
  • Why monitoring PLC programming traffic and historian queries matters
  • How the Cyber Resilience Act is reshaping accountability for OT vendors

If you’re responsible for industrial operations, plant uptime, or product security, this episode shows how attackers actually move through OT environments—and how to eliminate the mistakes they depend on.

Exploited: The Cyber Truth

Exploited: The Cyber Truth is a hard-hitting, no-fluff podcast exposing the realities of today’s cyber threat landscape and risks to critical infrastructure. Through candid conversations with top cybersecurity experts, industry leaders, and frontline defenders, the show breaks down recent high-profile vulnerabilities and exploits and covers innovative strategies used to stop them. To keep critical infrastructure safe, defenders need the upper hand. Tune in and get the cyber truth.