Power plants and substations harbor critical cybersecurity flaws that persist not from neglect, but from operational reality. Vulnerable protection relays with exploitable firmware, unrestricted north-to-south TCP/IP connections, and missing network segmentation create attack surfaces that remain unpatched because remediation requires months of downtime scheduling and complex testing most utilities cannot perform. Many of these issues become visible within 30 minutes of network monitoring, yet organizational barriers and legacy architecture choices keep them hidden.

This session, led by Andreas Klien of Omicron Electronics, reveals findings from intrusion detection deployments across hundreds of global energy OT systems:

• Top five security risks in energy OT environments, from outdated IEDs to surprise devices;
• Organizational barriers that make patching more operationally risky than the cyberthreats themselves;
• Proven architectures for cyber-resilient substations using firewall zones, data diodes and port security.