Industrial cybersecurity: how to protect SCADA systems against intrusions?

Cyberattacks on OT systems on the rise: network segmentation, ANSSI certification, NIS2 Directive… How can you secure a SCADA system in 2025?

In 2024, ransomware attacks targeting industrial organisations increased by over 87%, according to the Dragos OT/ICS Cybersecurity Year in Review annual report. 75% of these incidents caused partial shutdowns of OT systems, and 25% caused complete shutdowns. Industrial supervisory systems (SCADA, HMI, historians) have become prime targets: connected to IT networks, accessible remotely, and critical to production continuity. An intrusion no longer merely shuts down a workstation. It can paralyse a factory, contaminate a water network or trigger a safety alarm.

Industrial cybersecurity encompasses all the practices, architectures and tools implemented to protect operational technology (OT) systems against digital threats. It differs from traditional IT cybersecurity due to its specific constraints: absolute availability, proprietary protocols, equipment with lifecycles of 15 to 20 years, and zero tolerance for unplanned interruptions.

Why SCADA systems are prime targets

SCADA platforms combine three characteristics that make them attractive targets for attackers. They control critical physical processes — a malicious command can cause real physical damage. They are increasingly connected to corporate networks as part of IT/OT convergence. And they run operating systems that are often outdated, making them difficult to patch without halting production.

A telling example: the ransomware attack on Colonial Pipeline in 2021 led the operator to shut down its SCADA system as a precautionary measure, causing fuel shortages on the US East Coast for several days. It was not the SCADA system itself that was compromised, but the adjacent IT network. The lesson is clear: the boundary between IT and OT has become the primary attack surface.

The most common intrusion vectors in OT environments

Attacks on SCADA systems rarely employ sophisticated technical methods. In the majority of cases documented by ANSSI in its annual cyber threat reports, the initial intrusion exploits known, unpatched vulnerabilities, poorly secured remote access points, or compromised credentials.

The four most common vectors are VPN connections without multi-factor authentication (MFA), remote maintenance interfaces exposed directly to the internet, USB drives introduced by contractors, and lateral movement from the IT network to the OT network due to a lack of segmentation. This last point is structural: in many industrial facilities, the SCADA network is separated from the office network only by a firewall rule, which is insufficient against an attacker who has already gained a foothold in the corporate IT system.

IT/OT network segmentation: the first line of operational defence

Network segmentation is the foundation of any robust industrial cybersecurity architecture. It involves physically or logically isolating the OT network from the IT network, allowing data exchange only through monitored and audited gateways. The benchmark model is the Purdue model, which organises industrial equipment into hierarchical levels with distinct zones of trust.

In practice, segmentation involves industrial DMZs (demilitarised zones), data diodes for unidirectional traffic, and application filtering rules on OT protocols (Modbus, OPC-UA, DNP3). At a site equipped with Panorama E2, this means that the SCADA station must never be directly accessible from the office network; data feeds to IT tools must pass through a monitored exchange layer. This architecture drastically reduces the attack surface without compromising operational data exchanges.
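To make "application filtering rules on OT protocols" concrete, here is an added example (not code from CODRA or Panorama E2) of a Modbus/TCP filter decision: requests from the industrial DMZ may only read, writes are reserved for engineering stations, and malformed frames are dropped. The subnets and sample frames are assumptions constructed for the illustration.

```python
import ipaddress
import struct

# Assumed zone plan (constructed for this example).
DMZ_NET = ipaddress.ip_network("10.10.50.0/24")  # industrial DMZ / exchange layer
ENG_NET = ipaddress.ip_network("10.20.1.0/28")   # OT engineering stations

READ_CODES = {1, 2, 3, 4}      # read coils / discrete inputs / holding / input registers
WRITE_CODES = {5, 6, 15, 16}   # write single or multiple coils and registers

# Constructed sample requests: read 10 holding registers, write one register.
READ_REQ = bytes.fromhex("00 01 00 00 00 06 01 03 00 00 00 0a")
WRITE_REQ = bytes.fromhex("00 02 00 00 00 06 01 06 00 01 00 ff")


def parse_modbus_tcp(frame: bytes):
    """Return (unit_id, function_code) or raise ValueError on a malformed ADU."""
    if len(frame) < 8:
        raise ValueError("shorter than MBAP header + function code")
    _tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        raise ValueError("protocol id is not Modbus (0)")
    # Length counts the unit id plus the PDU; it must match what was received.
    if length != len(frame) - 6 or length > 254:
        raise ValueError("MBAP length does not match frame size")
    return unit, frame[7]


def decide(src_ip: str, frame: bytes) -> str:
    """Allow or deny one Modbus/TCP request by source zone and function code."""
    try:
        _unit, fc = parse_modbus_tcp(frame)
    except ValueError as exc:
        return f"deny: malformed ({exc})"
    src = ipaddress.ip_address(src_ip)
    if src in ENG_NET and fc in READ_CODES | WRITE_CODES:
        return "allow"
    if src in DMZ_NET and fc in READ_CODES:
        return "allow"
    if src in DMZ_NET or src in ENG_NET:
        return f"deny: function code {fc} not permitted from this zone"
    return "deny: source outside permitted zones"
```

A plain port-502 firewall rule would pass both sample requests; only inspection of the function code distinguishes the read from the write.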

Panorama E2 and ANSSI CSPN certification: what this means in practice

Panorama E2 is the only French SCADA software certified as CSPN (First Level Security Certification) by ANSSI. This certification is not a marketing label: it certifies that an accredited laboratory has assessed the product against a specific security standard, analysing the code, authentication mechanisms, session management and resilience against common attacks.

For an industrial IT manager or CIO, choosing a CSPN-certified platform offers tangible benefits. It reduces the burden of justification during internal or regulatory security audits. It guarantees that security functions (rights management, access logging, role segregation) have been verified by an independent third party. And it ensures the organisation complies with the increasing requirements of the NIS2 Directive, transposed into French law since 2024, which imposes enhanced cybersecurity obligations on operators of critical infrastructure and their service providers.

The NIS2 Directive significantly broadens the scope of entities subject to cybersecurity obligations in Europe. It now covers the energy, transport, water, healthcare, agri-food and industrial manufacturing sectors. The obligations relate to cyber risk management, incident reporting within 24 hours, supply chain security and the personal liability of senior management. For operators relying on SCADA systems, choosing an ANSSI-certified platform becomes a directly auditable compliance measure.

Best practices for securing a SCADA system

Industrial cybersecurity is not simply a matter of a product or a certification. It relies on rigorous operational hygiene, applied continuously. Here are the most effective measures, in order of priority for implementation.

Privileged access management is the first line of defence: every stakeholder (operator, integrator, maintenance provider) must have a personalised account with rights restricted to their specific scope. Shared generic accounts are a systemic weakness. On Panorama E2, granular management of roles and rights enables this principle to be applied without causing operational friction.

Event logging on the SCADA system is the second pillar. A SCADA system that does not log access, commands and configuration changes is blind to an intrusion. Correlating these logs with a SIEM (Security Information and Event Management) system enables the detection of abnormal behaviour before it escalates into an incident.
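The access-management and logging points above can be turned into detection rules. The following is an added example (not CODRA's code, and not the Panorama E2 log format): the key=value log lines, account names, roles and OT subnet are all assumptions constructed for the illustration.

```python
import ipaddress
from datetime import datetime

# Constructed audit lines in an assumed key=value format.
SAMPLE_LOG = """\
2025-03-04T08:02:11 user=j.martin role=operator src=10.20.1.21 event=login result=ok
2025-03-04T08:05:40 user=j.martin role=operator src=10.20.1.21 event=command target=PUMP_03
2025-03-04T23:47:02 user=admin role=engineer src=10.0.8.54 event=login result=ok
2025-03-04T23:49:30 user=admin role=engineer src=10.0.8.54 event=config_change target=alarms
2025-03-05T02:13:05 user=m.durand role=operator src=10.20.1.22 event=config_change target=roles
"""

OT_NET = ipaddress.ip_network("10.20.0.0/16")            # assumed OT zone
GENERIC_ACCOUNTS = {"admin", "operator", "maintenance"}  # assumed shared account names
CONFIG_ROLES = {"engineer"}                              # roles allowed to change configuration


def parse_line(line):
    """Split one audit line into a dict with a parsed timestamp."""
    ts, *pairs = line.split()
    event = dict(p.split("=", 1) for p in pairs)
    event["ts"] = datetime.fromisoformat(ts)
    return event


def findings(log_text):
    """Return (timestamp, user, rule) tuples for events a SIEM rule should surface."""
    out = []
    for line in filter(None, map(str.strip, log_text.splitlines())):
        e = parse_line(line)
        hits = []
        if e["user"] in GENERIC_ACCOUNTS:
            hits.append("shared-generic-account")
        if ipaddress.ip_address(e["src"]) not in OT_NET:
            hits.append("source-outside-ot-zone")
        if e["event"] == "config_change" and e["role"] not in CONFIG_ROLES:
            hits.append("config-change-by-unauthorised-role")
        out += [(e["ts"].isoformat(), e["user"], h) for h in hits]
    return out
```

The rules only work if the SCADA system records the user, source address and event type for every access, command and configuration change.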

Finally, update management remains the most challenging sticking point in an OT environment. Security patches cannot be applied as quickly as in IT, due to a lack of sufficient maintenance windows. The recommended strategy is to test updates in a staging environment before deploying them to production, and to prioritise patches for exposed components (remote interfaces, OPC servers).

Industrial cybersecurity is no longer a peripheral issue reserved for CIOs of critical infrastructure operators. It has become an operational requirement for any operator connecting their SCADA systems to the rest of their digital infrastructure. Network segmentation, access management, ANSSI certification and NIS2 compliance form a coherent framework, provided it is rigorously applied and supported by platforms whose security has been independently verified.

Discover how Panorama E2 meets industrial cybersecurity requirements and the ANSSI certifications that set it apart.

© 2026 CODRA. All Rights Reserved.