Introduction
Emerging technologies like industrial Internet of Things, unified platform architectures, and cloud-integrated operational technology are transforming the critical infrastructure landscape. This transformation, driven by the need for greater agility and pursuit of competitive advantage, is unlocking unprecedented levels of automation, operational efficiency, and data-driven decision-making. However, it’s also significantly expanding the cyber threat surface, often in ways that many leaders are yet to fully grasp.
Simplified Attack Vectors
Critical infrastructure was once harder for malicious threat actors to penetrate because of its complexity. Legacy systems were fragmented and made up of disparate technologies that had accumulated over decades. Threat actors had to invest substantial time and resources in reconnaissance to launch an attack. Today, many new facilities are built on unified platforms, creating a predictable and repeatable attack surface. A single successful exploit can cascade across multiple sites that share the same platform or architecture.
The reduction in complexity has simplified operations for businesses, yet it can also lower the barrier to entry for cybercriminals. The scale and frequency of attacks are simultaneously increasing. Fortinet’s research shows that cybercriminals launched over 36,000 malicious scans per second in 2024 alone, leveraging automation to probe global infrastructure for weaknesses.1
A key focus of these scans is widely used but often unmonitored operational technology (OT) protocols such as Modbus TCP (Transmission Control Protocol) and Session Initiation Protocol (SIP). These underpin critical sectors including telecommunications, industrial control systems, and manufacturing. Unlike the encrypted internet protocols used in IT networks, OT protocols are typically unencrypted, making them significantly easier to intercept and manipulate.
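The monitoring gap described above can be narrowed with passive inspection, precisely because Modbus TCP is cleartext. The following Python is an added example, not part of the original article: it decodes Modbus TCP request frames and alerts on malformed frames and on write requests from hosts outside an allowlist. The sample frames, documentation-range IP addresses and the allowlist are constructed for illustration.

```python
import struct

# Standard Modbus function codes, split by whether they change device state.
READ_CODES = {1: "Read Coils", 2: "Read Discrete Inputs",
              3: "Read Holding Registers", 4: "Read Input Registers"}
WRITE_CODES = {5: "Write Single Coil", 6: "Write Single Register",
               15: "Write Multiple Coils", 16: "Write Multiple Registers"}

def parse_request(frame: bytes) -> dict:
    """Decode a Modbus TCP request: 7-byte MBAP header followed by the PDU."""
    if len(frame) < 8:
        raise ValueError("shorter than MBAP header plus function code")
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        raise ValueError("protocol id is not 0 (not Modbus)")
    if length != len(frame) - 6:  # the length field counts unit id + PDU
        raise ValueError("MBAP length field does not match frame size")
    req = {"tid": tid, "unit": unit, "func": frame[7],
           "address": None, "count_or_value": None}
    if req["func"] in READ_CODES or req["func"] in WRITE_CODES:
        if len(frame) < 12:
            raise ValueError("PDU too short for address field")
        req["address"], req["count_or_value"] = struct.unpack(">HH", frame[8:12])
    return req

def audit(events, write_allowlist):
    """Alert on malformed frames and on writes from hosts outside the allowlist."""
    alerts = []
    for src, frame in events:
        try:
            req = parse_request(frame)
        except ValueError as exc:
            alerts.append((src, "malformed", str(exc)))
            continue
        name = WRITE_CODES.get(req["func"])
        if name and src not in write_allowlist:
            detail = f"{name} unit={req['unit']} addr={req['address']}"
            alerts.append((src, "unauthorised-write", detail))
    return alerts

# Constructed sample traffic: (source IP, raw TCP payload).
SAMPLE = [
    ("192.0.2.10", bytes.fromhex("00010000000601030000000a")),  # read 10 registers
    ("192.0.2.10", bytes.fromhex("0002000000060106001003e8")),  # write, allowlisted host
    ("192.0.2.77", bytes.fromhex("0003000000060106001003e8")),  # write, unknown host
    ("192.0.2.77", bytes.fromhex("00040000000901030000000a")),  # bad length field
]
ALLOWED_WRITERS = {"192.0.2.10"}  # assumed engineering workstation

if __name__ == "__main__":
    for alert in audit(SAMPLE, ALLOWED_WRITERS):
        print(alert)
```

In a real deployment the frames would come from a network tap or span port on the OT segment rather than an inline list.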
This trend is especially alarming for the manufacturing sector, which has become the most targeted industry for ransomware attacks. Companies operating in this space often underestimate their importance within the broader national interest. For example, a plastics moulding plant might appear to be a low-value target until geopolitical conditions change and its outputs are redirected toward other critical supply chains. The result is not dissimilar to perfume manufacturers or distillers pivoting towards producing hand sanitiser during the COVID-19 pandemic. The ability to redirect industrial capabilities during times of crisis depends on uninterrupted operations, even in assets that might otherwise be considered low-risk or under-protected.
Implications
The financial consequences of disruption are also staggering. Estimates suggest that the cost of downtime for Australian industrial organisations can exceed AU$349,000 per hour.2 Despite this, many businesses still fail to quantify their risk, making it difficult to justify or prioritise cybersecurity investment. This leaves decision-makers blind to the urgency and scale of the threat and without a clear understanding of the operational and financial ramifications of compromise.
The hyper-connected nature of today’s supply chains compounds the risk for manufacturers and critical infrastructure (CI) providers, as operations are no longer as siloed as they once were. Manufacturing facilities, raw material suppliers, and distribution networks are now linked through automated systems that dictate production targets, manage procurement, and schedule delivery with little human oversight. When one node is disrupted, whether through a cyberattack or a natural disaster, the effects ripple across the entire chain, often with devastating speed.
The Weakest Link
This interconnectedness is now central to cost efficiency and competitiveness, yet it has exposed previously obscured dependencies. What’s clear now is that resilience must be built into every part of the value chain, from procurement to production to logistics.
Policy shifts have attempted to address some of these gaps. The Australian Security of Critical Infrastructure (SOCI) Act recognises that cyber threats must be treated alongside physical and environmental risks and promotes an all-hazards approach. This means companies must account for malicious actors as well as natural disasters that can disable infrastructure just as effectively.
Critically, the move to platform-based infrastructure creates systemic risk if not managed appropriately, despite its operational advantages. A single vulnerability in a widely adopted platform can propagate across an entire industry, making it easier for malicious threat actors to compromise more organisations with less effort. The challenge for business leaders is to balance the efficiencies gained from standardisation with the need for layered defences, segmentation, and continuous visibility across all connected assets.
Mitigation demands more than firewalls and endpoint detection. It starts with selecting the right architectural framework. International Electrotechnical Commission 62443 (IEC 62443) remains the most widely accepted global standard for operational environments, with variants tailored for sectors such as transport (TS50701), maritime (E26/E27), and energy (National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF)). These frameworks are not interchangeable; they reflect the specific risk profiles, interdependencies, and compliance requirements of each industry.
Conclusion
A one-size-fits-all strategy is not just ineffective; it’s potentially dangerous. The CI threat landscape is evolving faster than many companies can respond, and the assumption that certain sectors are too minor or obscure to attract attention is outdated. Every connected node contributes to national resilience or vulnerability, regardless of its perceived value. Recognising this is the first step toward closing the gaps that adversaries are eager to exploit. Delaying that recognition is no longer an option for organisations that underpin essential services.