Protecting critical infrastructure from emerging IoT/SCADA threats

The increasing number of cyberattacks on critical infrastructure necessitates a reevaluation of approaches to securing IoT and SCADA systems. Emerging challenges for 2026 demand integrated solutions and continuous monitoring.

Rising threats to IoT and SCADA systems

According to ENISA, cyberattacks on operational technologies (OT) and industrial control systems (ICS), including SCADA, increased by 30% in 2024 compared to the previous year. Projections for 2026 indicate a further escalation of these threats, particularly for critical infrastructure facilities actively integrating IoT devices. The convergence of IT and OT creates new attack vectors, requiring comprehensive protection strategies.

Attack vectors and vulnerabilities

Key attack vectors targeting IoT/SCADA systems include the exploitation of vulnerabilities in legacy equipment, insufficient network segmentation, inadequate identity and access management (IAM), and weaknesses in communication protocols. Phishing attacks, ransomware, and supply chain attacks are becoming increasingly sophisticated and targeted. The risk of cyberattacks aimed at physically damaging or disabling critical systems is growing; such attacks could have catastrophic consequences for energy, transportation, water supply, and other vital sectors.

Regulatory requirements and standards

The implementation of directives such as NIS2 in the EU strengthens cybersecurity requirements for critical infrastructure operators. These regulations mandate not only the deployment of technical protection measures but also the development of comprehensive information security management systems compliant with international standards like ISO/IEC 27001. In Ukraine, requirements for certified security systems (КСЗІ) for state and strategic facilities are also being enhanced, compelling organizations to actively invest in relevant solutions and expertise.

Expert comment
Mykhailo Vyhovsky, Co-owner, Member of the Supervisory Board, Intecracy Group

Given the increasing complexity of threats to IoT/SCADA, the focus must shift from reactive defense to proactive measures, integrating cybersecurity from the system design phase. We've seen successful resilience enhancement cases based on proactive risk analysis and the implementation of multi-layered access control and network segmentation mechanisms.

Member company solutions and technologies

Intecracy Group unites companies providing comprehensive solutions for protecting IoT and SCADA systems. The Softline team, as a system integrator, possesses extensive experience in developing and implementing complex information security systems, including certified security systems (КСЗІ) for the Ukrainian public sector, which is crucial for protecting IoT and SCADA in energy, water supply, and other industries. IQusion complements this expertise by offering IT services and solutions for the public sector, including comprehensive information security systems for government organizations, ensuring compliance with the highest security standards. SL Global Service, as a cloud integrator, specializes in cloud cybersecurity, including solutions for IAM, SIEM, DLP, and encryption, which are essential for protecting the cloud components of IoT systems and integrating with SCADA. AZIOT, a developer of an IoT platform for managing the physical environment, integrates devices and protocols (MQTT, Modbus, BACnet) and enables scenario automation, requiring a high level of security at the device and protocol levels. The alliance companies collaborate on system architecture and implementation, with AZIOT ensuring security at the IoT platform level, while Softline, IQusion, and SL Global Service are responsible for integration, infrastructure cybersecurity, and regulatory compliance, including the protection of cloud environments and certified security systems (КСЗІ).

Protection strategies for 2026

Effective protection of IoT/SCADA systems in 2026 will demand a multi-layered approach. This includes implementing Zero Trust principles, network micro-segmentation to isolate critical components, strengthening access controls, regular software and firmware updates, and leveraging AI for anomaly detection and threat prediction. Establishing Security Operations Centers (SOCs) and ensuring continuous monitoring and incident response are also crucial. Personnel training and raising awareness about cyber threats remain key elements of the overall security strategy.

To ensure the resilience of critical infrastructure against cyber threats in 2026, organizations must invest in integrated solutions that encompass both IT and OT segments, and continuously adapt their security strategies to new challenges and regulatory requirements.