Critical Infrastructure Security,
Governance & Risk Management,
Operational Technology (OT)
Geopolitical Turbulence Fuels New Threats to Operational Technology and Supply Chains
The current landscape of global conflict and tariff disputes has expanded opportunities for cyber threats, particularly targeting operational technology (OT) systems. As geopolitical conflicts affect supply chains, attackers are honing in on vulnerabilities, leading experts to predict significant breaches in cyber-physical systems within the year.
According to Sean Tufts, field CTO at Claroty, instability in sourcing and manufacturing is directly correlated with an increase in cybersecurity risk. The findings from their Global State of CPS Security 2025 report, which surveyed over 1,100 cybersecurity professionals, underscore the challenge organizations face today.
Tufts emphasized that as supply chains experience interruptions—whether from trade restrictions or geopolitical tensions—companies may resort to using less vetted vendors, thereby introducing unrecognized vulnerabilities into their OT environments and critical systems.
Research indicates that supply chain shifts could compromise both hardware integrity and the security of embedded software, creating avenues for attacks. Findings reveal that nearly half of survey respondents identified changes driven by global economic dynamics as exacerbating their cybersecurity risks.
The common entry point for many breaches remains through third-party remote access tools, including management applications that are critical to operational efficiency. However, these same tools can be exploited, granting attackers privileged access to internal networks. The report highlighted that approximately 46% of respondents had experienced a breach via a third-party supplier within the past year.
In notable incidents, surveillance cameras in Ukraine were compromised by Russian actors, indicating that risks can emerge from seemingly benign sources. In the U.S., recent actions by the Secret Service targeted a significant telecom threat operation, with implications for critical infrastructure communications.
As organizations diversify their vendor base to navigate economic uncertainties, the likelihood of unmanaged access points increases, which escalates risks. While regulations exist, Tufts argues that they fall short of addressing the unique challenges presented in operational technology environments. Specific frameworks and sector standards are needed for enhanced cybersecurity measures tailored to OT realities.
To adequately address these threats, Tufts advocates for improved visibility, governance, and access control across all cyber-physical assets. By adopting a proactive stance on third-party access management, organizations can better protect their operational systems and reduce exposure to cyber threats.
