Industrial and operational sites are increasingly connected to networks that make them vulnerable to cyberattacks. Alain Mowat, Chief Technical Officer at Orange Cyberdefense Switzerland, explains how companies can prevent these risks.
Operational technology (OT) systems have long operated in isolation. Today, however, production processes are becoming digital, while equipment is increasingly run using devices connected to IT networks. This convergence of technologies exposes industrial environments to heightened cyberattacks. In Switzerland, no cases were reported by the authorities in 2026, but confirmed attacks on infrastructure brought 4G and 5G networks in Luxembourg to a standstill in July 2025.
To ensure overall security, the National Cyber Security Centre (NCSC) has issued minimum standards for Information and Communication Technologies (ICT) since 2024. Although they are not binding (except for critical infrastructure), these standards are intended to help all Swiss companies strengthen their cyber resilience. Alain Mowat, Technical Director at Orange Cyberdefense Switzerland, outlines the challenges associated with this transition.
How do you distinguish information technology (IT) from operational technology (OT)?
Alain Mowat: IT encompasses information and communication systems such as networks, servers and workstations. OT includes all systems that interact with the physical world: sensors, robotic arms and control systems. In the past, these two domains were fully separated. Today, however, machines are often connected to networks via Wi-Fi, Bluetooth or cellular modules (4G/5G). These technologies make it possible to monitor machines, control them remotely, update them via the cloud, and even allow external service providers to access their parameters and operate them remotely. In addition, data generated by OT is routed and processed through IT systems. A surveillance camera, for example, manages its video stream through computers. The increasing interconnection of IT and operational systems creates new vulnerabilities, particularly where security standards are not applied consistently.
What risks apply specifically to OT?
Mowat: IT, the focus is primarily on data confidentiality and integrity. In OT, availability is paramount: if a machine stops, the entire production chain is brought to a halt. This also explains why some companies are reluctant to carry out updates, as the process often requires suspending production. Moreover, industrial machines are typically designed to operate for twenty or thirty years. It is therefore common to encounter equipment installed at a time when cybersecurity requirements were very different. Systems are still found without passwords or operating with unencrypted communication channels. Some companies continue to operate in this way to save time and reduce costs. In doing so, they expose themselves to significant risks.
Why are hackers interested in OT?
Mowat: A successful attack on OT can strike at the core of a company’s operations by shutting down a factory or even destroying machines remotely. It is a particularly powerful weapon against industrial players. Moreover, OT has become a target of choice precisely because IT is now better protected. Attackers typically seek out the weakest link.
How can industrial environments be secured as effectively as possible?
Mowat: The first step is to gain visibility. This involves mapping all OT equipment, identifying firmware versions and understanding what is deployed across the network. Access to systems must then be segmented and restricted, using largely the same tools as in IT (firewalls, secure remote access, network filtering, segmentation into zones). Monitoring and anomaly detection must also be implemented, similar to practices used in IT security operations centers (SOC). The same fundamental principles apply: map, segment, control access, and maintain basic network hygiene. It is essential, however, to understand the specific characteristics of OT, including much longer life cycles and stricter availability constraints. An IT professional who understands these differences will be well placed to adapt.
In Switzerland, minimum ICT standards (also referred to as "ICT Minimum Standards") are also available. Companies linked to critical infrastructure are strongly encouraged to adopt them. These standards can serve as a reference framework for all companies seeking to strengthen their security.
How should an IT-OT security strategy be structured within a company?
Mowat: The company’s approach must form part of an overarching cybersecurity strategy. The same teams will not necessarily manage IT and OT, but there must be a shared framework and governance. The objective is to ensure that the company can maintain operations in the event of an attack. An SOC with a unified view of the entire information system, across both IT and OT, is often the most effective solution.
