Orbia CISO Sounds Alarm: PLC Security Must Escape the 'Trusted Network' Fallacy

Orbia CISO Sounds Alarm: PLC Security Must Escape the 'Trusted Network' Fallacy

Industrial control systems are under siege. With ICS security advisories surpassing 500 for the first time in 2025 — covering a staggering 2,155 CVEs — and the global ICS security market projected to grow from $19.22 billion to $28.37 billion by 2031, the urgency has never been sharper. Yet many organizations still operate on a lethal assumption: if it's on our network, it's trusted. Miranda Ritchie, CISO of Orbia, is determined to dismantle that mindset before it inflicts irreversible damage.

Analyst Insight — ICS Security Market Trajectory
The industrial control systems security market is accelerating at a 6.66% CAGR, with network security commanding 37.71% of the 2025 market share. Services are advancing even faster at 6.95% CAGR through 2031, signaling that organizations are moving beyond tools alone and investing in expertise — exactly the cultural shift Ritchie advocates.

The 'If It's on Our Network, It's Trusted' Fallacy

In a candid interview with Help Net Security, Ritchie zeroed in on what she described as the industry's most dangerous blind spot. "The assumption that if something is on our network, it's trusted is the single most pervasive and perilous mindset plaguing industrial environments today," she warned. This default-trust posture means that programmable logic controllers — the workhorses of manufacturing floors, chemical plants, and infrastructure — often run for decades without rigorous security scrutiny.

PLCs were never designed with cybersecurity in mind. They were engineered for deterministic control, relentless uptime, and multi-decade service life. The security perimeter was physical: locked cabinets, gated facilities, air-gapped networks. That world no longer exists.

Market Trend — The IT-OT Convergence Gap
The accelerating convergence of IT and OT environments has exposed a fundamental mismatch: IT security teams think in patch cycles and zero-trust architectures, while OT operators prioritize production continuity above all else. This cultural divide, not technology gaps, is what Ritchie identifies as the root of industrial cyber risk. The ICS security market's projected leap to $38.48 billion by 2031 (per MarketsandMarkets) reflects the growing recognition that this gap must be closed.

Aging PLC Hardware: Built for Uptime, Not Cyber Defense

The longevity that makes PLCs economically attractive is also their greatest liability. Many controllers deployed across global industrial sites are running firmware that predates modern cybersecurity standards by a decade or more. They lack native encryption, robust authentication mechanisms, and the ability to receive frequent patches without downtime — a non-starter in environments where a production halt can cost millions per hour.

Ritchie pointed to Orbia's own operations as a microcosm of the broader challenge. The company's Connectivity Solutions business runs extrusion lines with PLCs controlling precision polymer processing. Meanwhile, chemical facilities rely on distributed control systems (DCS) where a security breach could have catastrophic safety and environmental consequences. The attack surface balloons when these spread-out sites house aging equipment that was commissioned long before cybersecurity entered the industrial lexicon.

Extrusion Lines, Chemical Plants, and the Expanding Attack Surface

Orbia's global footprint illustrates why industrial cybersecurity cannot be solved with a one-size-fits-all approach. Each production environment presents unique risk profiles:

  • Extrusion and polymer processing lines: PLCs controlling temperature, pressure, and material flow — disruption can ruin batches worth hundreds of thousands of dollars and damage precision tooling.
  • Chemical manufacturing DCS environments: A compromised controller could manipulate reactant ratios, pressure vessels, or safety interlocks, creating risks that extend far beyond financial loss into environmental disaster and human harm.
  • Geographically dispersed legacy sites: Remote facilities often lack on-site security personnel and rely on aging VPN connections that may themselves be vulnerable.

Analyst Insight — The Vulnerability Surge
Forescout's 2026 ICS cybersecurity report revealed that only 22% of vulnerabilities in 2025 had an associated ICS advisory published by CISA — down sharply from 58% in 2024. This means nearly four out of five industrial vulnerabilities are discovered and potentially exploitable before any official alert reaches operators. For aging PLC fleets without automated patch mechanisms, this disclosure gap is particularly alarming.

Safety Culture Meets Cyber Hygiene

Ritchie's core thesis is that the industrial world already possesses the cultural blueprint it needs — it simply hasn't applied it to cybersecurity. "The same safety-first instinct that protects our people and the environment must now extend to protecting our data and industrial networks," she stated. In chemical plants, workers are trained to stop work and escalate at the first sign of a safety anomaly. That same instinct should govern response to unusual network activity, unauthorized configuration changes, or unexpected PLC behavior.

The path forward requires three foundational shifts:

  1. Zero-trust architecture for OT: Every device, every controller, every connection must authenticate and be continuously verified — regardless of network location.
  2. Asset visibility: You cannot secure what you cannot see. Comprehensive OT asset inventories with real-time monitoring are prerequisites, not luxuries.
  3. Bridging IT and OT governance: Security policies must be co-authored by IT security teams and plant engineers, not imposed unilaterally by either side.
PLC Security: Key Statistics at a Glance
Metric Data Point
ICS Security Market Size (2025) $19.22 billion
ICS Security Market Forecast (2031) $28.37 billion
CAGR (2026–2031) 6.66%
ICS Advisories Published (2025) 508 (record high)
Total CVEs in ICS (2025) 2,155
US Ransomware Complaints – Critical Infrastructure (2024) 1,300+
Vulnerabilities Without CISA ICS Advisory (2025) 78%
Frequently Asked Questions: PLC & Industrial Cybersecurity

Why are PLCs so vulnerable to cyberattacks?

PLCs were historically designed for deterministic control and maximum uptime — not security. Many legacy controllers lack encryption, strong authentication, secure boot, and signed firmware. They often run outdated operating systems or real-time kernels that cannot be patched without production downtime, making them persistently exposed.

What does zero-trust mean in an industrial OT context?

Zero-trust in OT means no device, controller, or user is automatically trusted simply because it resides on the plant network. Every asset must authenticate, every communication must be verified, and access must be continuously monitored and limited to the minimum necessary for operations. This represents a fundamental departure from the traditional air-gap or perimeter-only security model.

How does Orbia's approach differ from conventional industrial cybersecurity?

Under Ritchie's leadership, Orbia is working to integrate safety culture principles — where any worker can flag a hazard and halt operations — into cybersecurity protocols. The goal is to make reporting suspicious network or PLC behavior as instinctive as reporting a chemical leak, embedding cyber vigilance into daily operational routines rather than treating it as a separate IT function.

What is the most dangerous assumption in industrial cybersecurity today?

According to Ritchie, it is the tacit belief that if a device or system is on the internal OT network, it must be safe and trustworthy. This assumption blinds organizations to lateral movement by attackers who have already breached the perimeter, leaving PLCs and control hardware completely exposed to manipulation, sabotage, or ransomware.

From Awareness to Action: The Industrial Security Imperative

Ritchie's message arrives at a pivotal moment. The convergence of record-high vulnerability disclosures, escalating ransomware attacks against critical infrastructure, and the unstoppable march of IT-OT integration means the "trusted network" model is no longer just naive — it is negligent. For organizations operating PLCs across manufacturing, chemical, energy, and infrastructure sectors, the cost of inaction now far exceeds the cost of transformation.

The industrial automation industry has proven it can engineer systems for extreme reliability and safety. The same rigor must now be applied to cybersecurity — not as an afterthought bolted onto legacy controllers, but as a foundational design principle for the next generation of connected industrial hardware.

Related Articles

Tilbage til blog