OT Security: How Attackers Reach Critical Systems

Written by

June 19, 2026

In June 2024, a single ransomware attack froze 282 public services across Indonesia. Immigration counters stopped. Airport queues stretched for hundreds of metres. The attackers didn’t break into some heavily guarded control room. They got into ordinary government IT systems, and from there they reached the services the country runs on.

That attack on the Temporary National Data Centre (Pusat Data Nasional Sementara, PDNS) is the clearest warning Indonesia has had. The old idea that critical systems are safe because they sit behind a firewall, or because they are "not connected to the internet", no longer holds. Attackers have learned to enter through the ordinary corporate office network and move sideways into the systems that control physical operations.

This article explains OT security in plain terms: what it is, why the office-to-operations attack path is now the main threat, and what state bodies and critical operators in Indonesia can do about it.

What Is OT Security?

OT stands for operational technology. It’s the hardware and software that runs physical things: power grids, water treatment plants, traffic systems, port equipment, factory lines, and the controllers inside them.

OT security is the practice of protecting those systems from cyberattacks. It differs from regular IT security in one crucial way: the cost of failure. When IT systems fail, the usual loss is data and time. When OT systems fail, physical processes stop, equipment can be damaged, and people can be hurt. A failed IT system means files are locked. A failed OT system can mean no electricity, no clean water, or a stalled port.

That difference shapes everything about how OT has to be defended.

How OT Security Is Different From IT Security

Because the two environments rank their priorities in almost opposite order, corporate IT security tools cannot simply be copied into an industrial control environment.

IT prioritises confidentiality, then integrity, then availability. Keeping information private and accurate is the primary objective, so a brief outage to install a security patch is an acceptable operational trade-off.

Operational networks invert that order: availability and safety come first. The overriding goal is keeping the physical process running, in a known state, without interruption. A power plant or a water utility cannot be switched off for an update whenever a patch arrives; patch windows, where they exist at all, are planned months ahead around maintenance outages.

This is why routine IT security tooling can be dangerous when pointed at production OT. An automated vulnerability scanner that runs harmlessly on an office network can crash an old industrial controller: many PLCs have small embedded network stacks that were never built to handle unexpected packet rates or malformed probes, and a crashed controller is a stopped process. Discovery in OT is therefore done passively, by listening to traffic, rather than by active scanning.

This is why OT needs its own security standards and practices (IEC 62443, for instance, which divides a plant into zones and strictly defined conduits between them). Industrial cyber defence must be gentler, quieter, and designed around legacy hardware that cannot be patched or rebooted on demand.

Why the “Air Gap” Is No Longer Enough

For decades, the main defence for critical systems was simple: keep them physically separate from everything else. This separation was called an "air gap". A system with no connection to any outside network cannot be reached over the network from outside.

That protection has quietly disappeared.

Modern operations need data to flow between the office and the plant floor. Managers want real-time production figures. Maintenance is scheduled from corporate systems. Remote access lets engineers fix problems without driving to a site. Each of these connections is useful and serves as a bridge between the IT and OT networks. The merging of these two worlds is often called IT/OT convergence.

The result is that the air gap is now mostly a myth. Once OT systems are reachable from the corporate network, they can be reached from anywhere that the network touches, including the internet and any laptop plugged into the office. The isolation that used to do the protecting is gone, and in most places it hasn’t been replaced with anything as strong.

How Attackers Move From the Office to the Plant Floor

This is the heart of the modern threat, and it’s worth understanding step by step. Attackers rarely hit industrial systems head-on. Instead, they take an easier path in and then move sideways. Security teams call this lateral movement.

Here’s how the path typically works.

Step 1: Break Into the Office Network

The first foothold is almost always the regular corporate IT network, because that is the softest target. A phishing email to an employee, a stolen or reused password, or an unpatched VPN appliance is usually enough. Fortinet's 2025 OT report found phishing was the most common intrusion type, reported by 76% of organisations. This is the front door, and it is rarely locked tightly.

Step 2: Explore and Gain Control

Once inside, attackers look around. They map the network (the Active Directory domain, file shares, jump hosts), harvest more credentials, and search for the connections that lead toward the operational side: a historian or jump server that both networks can reach, an engineering workstation, or a domain account that is also valid on OT systems. Automated tooling, increasingly AI-assisted, makes this reconnaissance faster and lets attackers map a network's layout before they make their move.

Step 3: Cross the Bridge Into OT

Using the connections that IT/OT convergence created, the attacker steps across from the corporate network into the operational one. The crossing happens where the two networks meet: a shared server that both sides trust (a historian, a jump host, a domain controller), a dual-homed engineering workstation, an old controller on a flat VLAN, or a firewall rule that was opened once for a project and never reviewed. From there they can reach the systems that monitor and control physical equipment.

Step 4: Cause Damage or Demand a Ransom

Now in the OT environment, the attacker has options. They can lock systems and demand payment, steal sensitive operational data, or in the worst cases manipulate the physical process itself. For a ransomware crew, the leverage is obvious: an operator facing a frozen plant or a halted public service is under enormous pressure to pay.

The lesson from this path is uncomfortable but clear. Your operational systems are only as protected as your office email. The two are connected, and attackers know it.
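The four steps above can be checked rather than assumed. The following added example (not Zentara's tooling and not a model of any real network) encodes a small, constructed IT/OT estate as a directed graph, where each edge is one way an attacker can hop from host to host, and answers "how far could an attacker get from one phished laptop?" with a breadth-first search. It then applies zone-and-conduit segmentation to the same graph and re-runs the search. All host names, zones, edges and the conduit list are assumptions made for illustration.

```python
"""Attack-path reachability over a constructed IT/OT network model.

Added example: models the office-to-plant-floor path as a directed graph
(host -> host, labelled with how the attacker crosses) and finds the
shortest path and blast radius from a phished laptop. All hosts, zones,
edges and conduits below are constructed for illustration.
"""
from collections import deque

# Constructed edges: (source host, destination host, how the hop is made).
# The historian sits in an OT DMZ but polls a PLC directly, and a domain
# admin credential from the office domain also works on the historian.
FLAT_NETWORK = [
    ("finance-laptop", "file-server", "SMB with the user's own credentials"),
    ("finance-laptop", "domain-controller", "LDAP enumeration, then credential theft"),
    ("domain-controller", "historian", "domain admin credential reused on OT host"),
    ("file-server", "historian", "RDP across a flat VLAN"),
    ("historian", "scada-server", "SQL replication link"),
    ("scada-server", "plc-01", "Modbus/TCP write"),
    ("historian", "plc-01", "Modbus/TCP (historian polls the PLC directly)"),
]

# Zone of every host, in the IEC 62443 / Purdue sense (constructed).
ZONE = {
    "finance-laptop": "enterprise",
    "file-server": "enterprise",
    "domain-controller": "enterprise",
    "historian": "ot-dmz",
    "scada-server": "ot-supervisory",
    "plc-01": "ot-control",
}

# Conduits a segmented design would permit: (source zone, destination zone).
# Office reads from the DMZ, supervisory pushes up into the DMZ, and only
# the supervisory zone may talk down to controllers.
SEGMENTED_CONDUITS = {
    ("enterprise", "ot-dmz"),
    ("ot-supervisory", "ot-dmz"),
    ("ot-supervisory", "ot-control"),
}


def build_graph(edges):
    """Adjacency list: host -> [(next host, how)]."""
    graph = {}
    for src, dst, how in edges:
        graph.setdefault(src, []).append((dst, how))
    return graph


def shortest_path(edges, start, target):
    """Shortest attacker path as [(host, how it was reached)], or None."""
    graph = build_graph(edges)
    parent = {start: None}
    queue = deque([start])
    while queue:
        host = queue.popleft()
        if host == target:
            break
        for nxt, how in graph.get(host, []):
            if nxt not in parent:
                parent[nxt] = (host, how)
                queue.append(nxt)
    if target not in parent:
        return None
    path, node = [], target
    while node is not None:
        prev = parent[node]
        path.append((node, prev[1] if prev else "initial phish"))
        node = prev[0] if prev else None
    return list(reversed(path))


def reachable(edges, start):
    """Every host the attacker can reach from start (the blast radius)."""
    graph = build_graph(edges)
    seen, queue = {start}, deque([start])
    while queue:
        for nxt, _ in graph.get(queue.popleft(), []):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def segment(edges, conduits):
    """Keep intra-zone edges and only cross-zone edges on an allowed conduit."""
    return [
        (src, dst, how)
        for src, dst, how in edges
        if ZONE[src] == ZONE[dst] or (ZONE[src], ZONE[dst]) in conduits
    ]


if __name__ == "__main__":
    for label, edges in (("flat network", FLAT_NETWORK),
                         ("segmented network", segment(FLAT_NETWORK, SEGMENTED_CONDUITS))):
        print(f"== {label}: {len(reachable(edges, 'finance-laptop'))} hosts reachable")
        path = shortest_path(edges, "finance-laptop", "plc-01")
        if path is None:
            print("   plc-01 not reachable")
        else:
            for host, how in path:
                print(f"   {host:<18} via {how}")
```

On the flat network the search reaches plc-01 in three hops (laptop, file server, historian, PLC). After segmentation the PLC is no longer reachable, but the historian still is, because the enterprise-to-DMZ conduit is allowed and the reused domain admin credential rides along it. Segmentation shrinks the blast radius; it does not fix credential reuse, which is why access control (point 4 below) is a separate defence.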

Real Cases That Prove the Pattern

This isn’t a theory. The same path shows up in the biggest incidents on record.

PDNS, Indonesia (2024)

The Brain Cipher ransomware, a variant of the notorious LockBit, encrypted the national data centre and took down 282 services. Attackers demanded USD 8 million. The government refused to pay. The disruption to immigration and airport services showed how an attack on shared digital infrastructure ripples straight into public life.

Colonial Pipeline, United States (2021)

Ransomware hit the company's IT systems, not its pipeline controls directly; the initial access was a compromised password for a VPN account that had no multi-factor authentication. The operator shut the pipeline down anyway, because it could not be sure the attack had not spread and it could not safely bill customers. One of the largest fuel pipelines in the US stopped, triggering panic buying, because of an IT compromise.

NotPetya (2017)

Malware delivered through a compromised update of a Ukrainian accounting package spread automatically through corporate networks, using stolen credentials and the EternalBlue SMB exploit, and caused billions in damage worldwide, disrupting ports, factories, and logistics. It showed how an IT-borne attack can cascade into operational chaos without anyone deliberately targeting the OT systems.

The same thread runs through all three: the attack started in IT and ended up affecting operations. That is the pattern Indonesia's critical operators have to plan for.

Why Indonesia’s Critical Infrastructure Is Especially Exposed

While these risk vectors affect operators globally, specific structural characteristics place Indonesia's critical infrastructure at a crossroads.

The nation’s vital infrastructure is inherently distributed across thousands of islands. Power grids, water utilities, maritime ports, and telecommunications networks are spread over an immense geography, creating a vast array of remote sites and connection points that complicate uniform security enforcement.

Furthermore, regional threat intelligence shows threat actors running double-extortion operations that lock systems and, at the same time, threaten to leak the data they stole. Combined with rapid public-sector digitalisation, corporate IT and operational environments are merging faster than security monitoring can keep pace. Criminal groups routinely use automated exploitation of exposed services, so proactive threat hunting and monitoring for leaked credentials and data are now basic requirements for state assets.

How to Defend State Assets

The goal isn’t to disconnect everything and return to the air gap. That’s neither possible nor useful. The goal is to replace the protection that isolation used to provide with active, modern defences. Here are the core moves, in plain terms.

1. Know every asset you have

You can’t protect what you don’t know exists. The first step is a complete inventory of every device on both the IT and OT networks, including the old controllers everyone forgot about. Many operators are surprised by what’s actually connected once they look.

2. Segment the network to block the bridges

Segmentation means dividing the network into separate zones with strict controls on what can pass between them. In OT this usually follows the zone-and-conduit model: group systems by function and criticality (office, an OT DMZ, supervisory systems, controllers) and allow only named conduits between zones, each limited to specific sources, destinations and protocols. Done well, a breach in the office network cannot flow freely into the operational one. The crossing points become guarded checkpoints, not open doors. This is the single most important defence against lateral movement.

3. Watch the traffic between IT and OT

Most operators have decent visibility inside their office network and almost none inside their OT network. Monitoring built specifically for OT listens passively (from a mirror port or network tap, so it never sends traffic to fragile controllers), understands industrial protocols such as Modbus and S7, and raises an alarm when a flow crosses the IT/OT boundary that should not. Catching the attacker mid-move, before they reach the controllers, is often the difference between an incident and a catastrophe.
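Points 1 and 3 above can be combined in one passive check. The following added example (not Zentara's product or any vendor's rule set) applies a conduit allowlist to NetFlow-style records collected at the IT/OT boundary: every cross-zone flow that is not on an allowed conduit raises an alert, with anything reaching the control zone or speaking an industrial protocol marked high severity, and any host seen on an industrial-protocol port that is missing from the asset register is reported. The subnets, zones, ports, the allowlist, the asset register and the flow lines are all constructed for illustration.

```python
"""Boundary monitoring and passive asset discovery over flow records.

Added example: checks cross-zone flows against a conduit allowlist and
lists hosts that speak industrial protocols but are absent from the
asset register. Subnets, ports, allowlist, register and the sample flow
lines are all constructed for illustration.
"""
import ipaddress

ZONES = {
    "enterprise": ipaddress.ip_network("10.10.0.0/16"),
    "ot-dmz": ipaddress.ip_network("10.20.0.0/24"),
    "ot-supervisory": ipaddress.ip_network("10.30.0.0/24"),
    "ot-control": ipaddress.ip_network("10.31.0.0/24"),
}

# Well-known TCP ports of common industrial protocols.
OT_PROTOCOLS = {502: "Modbus/TCP", 102: "S7comm (ISO-TSAP)",
                44818: "EtherNet/IP", 20000: "DNP3", 4840: "OPC UA"}

# Allowed conduits: (source zone, destination zone, destination port).
ALLOWED_CONDUITS = {
    ("enterprise", "ot-dmz", 443),          # office reads historian dashboards
    ("ot-supervisory", "ot-dmz", 1433),     # SCADA pushes data up to the historian
    ("ot-supervisory", "ot-control", 502),  # SCADA polls PLCs over Modbus
    ("ot-supervisory", "ot-control", 102),  # SCADA talks S7 to Siemens PLCs
}

# Asset register as the operator believes it to be (constructed).
KNOWN_ASSETS = {"10.30.0.5": "scada-01", "10.31.0.21": "plc-01"}


def zone_of(ip):
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "unknown"


def parse_flow(line):
    """Record format (constructed): timestamp,src_ip,dst_ip,proto,dst_port,bytes"""
    ts, src, dst, proto, dport, nbytes = line.strip().split(",")
    return {"ts": ts, "src": src, "dst": dst, "proto": proto,
            "dport": int(dport), "bytes": int(nbytes)}


def evaluate(flow):
    """None if the flow is permitted, otherwise a severity-tagged reason."""
    zs, zd = zone_of(flow["src"]), zone_of(flow["dst"])
    if zs == zd or (zs, zd, flow["dport"]) in ALLOWED_CONDUITS:
        return None
    proto = OT_PROTOCOLS.get(flow["dport"])
    # Reaching the control zone, or speaking an industrial protocol across
    # a boundary, is the office-to-plant-floor crossing to catch.
    sev = "HIGH" if zd == "ot-control" or proto else "MEDIUM"
    label = proto or f"tcp/{flow['dport']}"
    return f"{sev}: {zs} -> {zd} {label} {flow['src']} -> {flow['dst']} not in conduit allowlist"


def records(lines):
    for line in lines:
        if line.strip() and not line.startswith("#"):
            yield parse_flow(line)


def scan(lines):
    """All (timestamp, reason) alerts for the given flow lines."""
    alerts = []
    for flow in records(lines):
        reason = evaluate(flow)
        if reason:
            alerts.append((flow["ts"], reason))
    return alerts


def unregistered_ot_talkers(lines):
    """Hosts seen on an industrial-protocol port that are not in the register."""
    found = set()
    for flow in records(lines):
        if flow["dport"] in OT_PROTOCOLS:
            found.update(ip for ip in (flow["src"], flow["dst"]) if ip not in KNOWN_ASSETS)
    return found


SAMPLE_FLOWS = """\
# constructed records: timestamp,src_ip,dst_ip,proto,dst_port,bytes
2026-06-19T09:01:02Z,10.10.5.23,10.20.0.10,tcp,443,18233
2026-06-19T09:03:40Z,10.30.0.5,10.31.0.21,tcp,502,912
2026-06-19T09:05:11Z,10.10.5.23,10.20.0.10,tcp,3389,60211
2026-06-19T09:06:02Z,10.20.0.10,10.31.0.21,tcp,502,466
2026-06-19T09:07:30Z,10.10.5.23,10.31.0.21,tcp,102,1400
2026-06-19T09:08:00Z,10.30.0.5,10.20.0.10,tcp,1433,52000
""".splitlines()

if __name__ == "__main__":
    for ts, reason in scan(SAMPLE_FLOWS):
        print(ts, reason)
    print("unregistered hosts on OT ports:", sorted(unregistered_ot_talkers(SAMPLE_FLOWS)))
```

Of the six constructed flows, three are flagged: an RDP session from an office laptop into the DMZ historian (medium), the historian polling a PLC over Modbus (high, the DMZ should never talk down to controllers), and the office laptop opening S7comm directly to the PLC (high). The inventory check turns up two hosts on industrial-protocol ports that the register does not know about, which is the "surprised by what's actually connected" finding from point 1.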

4. Control access, especially remotely

Remote access is one of the most common entry points. Every remote connection into the OT environment should require strong identity checks (multi-factor authentication, no shared vendor accounts), grant the least access necessary, be time-bound, pass through a jump host rather than a VPN that lands directly on the control network, and be logged. A vendor logging in to service one machine should not be able to roam the whole operational network, and an office domain admin account should not work on OT hosts at all.

5. Plan for the attack you hope never comes

Assume a breach will eventually happen and prepare for it. That means a tested response plan, offline backups that ransomware cannot reach, and clear decisions made in advance about how to keep critical services running during an incident. The PDNS response was hampered by exactly this kind of unpreparedness: officials acknowledged afterwards that most of the data held in the centre had not been backed up. Planning ahead is what turns a disaster into a manageable event.

6. Bring IT and OT teams together

In many organisations, the IT team and the OT team barely talk, and each guards only half the network. Attackers exploit that gap. Defending the whole path from office to plant floor requires the two teams, and their monitoring, to work as one.

Building Resilience Into the Grid

The whole threat in this article comes down to a single question you can ask about your own organisation: If one employee clicked one bad link today, how far could the attacker get?

If the answer is “we’re not sure,” that’s the gap. In most organisations, the office network and the operational systems are quietly connected, and nobody has tested how easily an attacker could travel from one to the other. The systems running your most important operations may be one stolen password away from the inbox of someone in accounts.

The good news is this gap can be found and closed before anyone exploits it.

That’s where Zentara comes in. We trace the exact route an attacker could take from a single phishing email all the way to your operational systems, then show you where it breaks down and how to block it. Our team watches your networks as one connected whole, so movement between them gets caught early, not discovered after the damage.

You don’t have to wait for an incident to learn the answer to that question.

Book an IT/OT exposure assessment with Zentara and we’ll show you exactly how far a single click could reach, and how to stop it.

Frequently Asked Questions

1. What’s the difference between IT security and OT security?

IT security protects data and systems where the main concern is keeping information private and accurate. OT security protects the systems that control physical processes, where the main concern is keeping operations running safely and without interruption. A failure in IT usually means lost or exposed data; a failure in OT can mean physical damage or halted services.

2. Isn’t keeping critical systems offline (“air-gapped”) enough?

Not anymore. Modern operations need data to flow between office and operational networks for monitoring, maintenance, and remote access. These connections mean true isolation rarely exists in practice, so critical systems need active defences, not just separation.

3. What is lateral movement?

It’s how attackers spread once they’re inside. Rather than attacking a well-defended system directly, they break into an easier target, like the office network, then move sideways through connected systems until they reach what they’re really after, such as operational controllers.

4. Why is OT security harder than IT security?

OT systems are often old, can’t be easily patched or switched off, and weren’t built with security in mind. Many run continuously and can’t tolerate downtime, and aggressive security tools that are routine in IT can crash fragile OT equipment. Defences have to be carefully adapted.

5. Can smaller operators afford OT security?

Yes. Much of OT security is about visibility, segmentation, and good access control rather than expensive equipment. Managed services also let smaller operators get expert OT monitoring without building a large in-house team.
