OMICRON’s multi-year IDS deployments across more than 100 substations, power plants, and control centers revealed widespread technical, organizational, and operational security gaps in OT networks that expand the attack surface of energy infrastructure. StationGuard’s passive and active monitoring exposed unpatched PAC devices (including CVE-2015-5374), risky external connections, weak segmentation, and incomplete asset inventories, highlighting the need for OT-focused intrusion detection and stronger governance.
Key points
- IDS deployments at 100+ energy sites uncovered pervasive OT security and operational issues, often within minutes of connection.
- Many PAC devices run outdated firmware with known vulnerabilities such as CVE-2015-5374.
- Automated passive and active discovery revealed incomplete asset inventories and unexpected devices on OT networks.
- Weak network segmentation and undocumented external connections enable broad lateral movement between IT and OT.
- Organizational gaps—siloed IT/OT responsibilities and limited OT security resources—impede effective remediation.
Read More: https://thehackernews.com/2026/01/survey-of-100-energy-systems-reveals.html