OT Cybersecurity

Overview

OT (Operational Technology) Cybersecurity addresses the protection of physical infrastructure control systems — PLCs, IPCs, SCADAs, building management systems, and robotic platforms — in data center environments. Unlike IT cybersecurity, which protects data and digital services, OT cybersecurity defends the systems that control physical processes: power distribution, cooling, fire suppression, physical access, and increasingly, autonomous robots operating on the data hall floor. Historically, OT systems were air-gapped from IT networks and security was addressed through physical isolation. Under Industry 4.0 and 5.0, the IT/OT boundary has blurred as OT devices connect to enterprise networks, cloud platforms, and fleet management systems, exposing them to attack vectors that were previously irrelevant.

The stakes of OT attacks on data center infrastructure are categorically different from IT breaches. While an IT breach may compromise data confidentiality, an OT attack can cause physical damage, safety hazards, and cascading facility failures. The history of OT attacks — Stuxnet (2010, physical damage to Iranian centrifuges via compromised PLCs), Triton (2017, targeting safety instrumented systems at a Saudi petrochemical plant), the Ukrainian Power Grid attack (2015, widespread blackout via BlackEnergy malware), LockerGoga (2019, Norsk Hydro ransomware), and NotPetya (2017, billions in global damages) — demonstrates that while OT attacks are infrequent, their consequences range from severe to catastrophic. As data centers deploy increasing numbers of connected robots, AGVs, drones, and IoT sensors via DC-Automation-And-Robotics, each device expands the facility's attack surface. The OCP DC Automation cybersecurity framework, developed with contributions from Microsoft and Meta, addresses this through six defensive layers spanning hardware through testing and validation.