The Airgap Fallacy: Why Isolated OT Systems Are Still Vulnerable to Ransomware
About This Session
The notion of airgapped OT systems as a bulletproof defense against cyber threats is a dangerous myth in today’s interconnected world.
Despite their perceived isolation, airgapped industrial control systems (ICS)—such as SCADA, PLCs, and DCS—are increasingly vulnerable to sophisticated ransomware attacks, as evidenced by incidents like the 2025 Saudi Al Bawani breach and the 2024 UAE Lulu Hypermarket attack.
This presentation dissects the airgap myth, revealing how modern attack vectors exploit connectivity gaps and human factors to compromise OT environments, particularly in critical Middle Eastern sectors like oil, gas, and manufacturing, which faced a 68% surge in ransomware victims in 2024.
We identify key vulnerabilities shattering the airgap illusion:
(1) Hardware exposures: Wi-Fi, Bluetooth, USB drives, and even external keyboards can serve as malware vectors, because devices may connect unintentionally or employees make mistakes.
(2) Maintenance staff risks: Third-party technicians often introduce infected devices behind the airgap, spreading malware to intranets, as seen in attacks like IOCONTROL targeting US and Israeli OT systems.
(3) Supply chain threats: New devices may arrive pre-infected if suppliers’ systems are compromised, a growing concern given that 34 of 39 IoT exploits targeted legacy vulnerabilities more than three years old.
(4) Inherent limitations: Airgapped systems often cannot update antivirus patterns or install modern security software, leaving them defenseless against evolving threats like double extortion ransomware from groups like LockBit (22.22% of 2024 Middle East attacks).
Leveraging Rob M. Lee’s Pyramid of Value vs. Cost, this talk proposes a layered defense strategy to secure OT systems beyond the airgap myth.
Low-cost, high-impact measures—such as rigorous device vetting, employee training to counter phishing (a primary ransomware entry point), and network segmentation—form the foundation.
Higher-value strategies, like behavioral analytics and threat intelligence integration, target adversary TTPs to disrupt campaigns, as demonstrated by countermeasures against RansomHub’s 2024 exploits. Case studies from the Middle East, where 66% of attacks targeted UAE and Saudi Arabia, highlight the stakes for critical infrastructure.
Attendees will gain a practical roadmap to assess airgap vulnerabilities, prioritize investments, and implement modern solutions like zero-trust architecture and OT-specific monitoring. This session equips ICS operators, engineers, and CISOs with actionable insights to protect against ransomware and emerging threats in 2025, redefining resilience in OT cybersecurity.
Speaker
Sachin Mohan
Territory Head - OT Cybersecurity - CyberKnight
Sachin Mohan is an OT cybersecurity expert with over 18 years of experience securing Industrial Control Systems (ICS) in the Middle East’s critical infrastructure sectors, including oil and gas and utilities.
As a cybersecurity strategist, Sachin specializes in building resilient OT ecosystems, leveraging ISA/IEC 62443 standards to address challenges. Sachin is a risk management consultant adept at aligning OT security with regulatory compliance and fostering workforce training to bridge the IT-OT skills gap.
Sachin is passionate about advancing critical infrastructure protection through innovative strategies like privileged access management and vulnerability management.
At the ICS Cybersecurity Conference, he empowers professionals with practical tools for securing OT environments.
