.svg){kind=spacer}
July 8, 2025
July 8, 2025
In June 2025, the U.S. National Institute of Standards and Technology (NIST) issued a warning about the growing cybersecurity risks that come with the increasing convergence of IT and operational technology systems through the integration of IoT devices. Traditionally, operational technology systems—such as industrial control systems, building automation, and transportation infrastructure—were designed to operate in isolation with a focus on safety, reliability, and uptime rather than cybersecurity. However, as these systems become connected to broader networks and begin incorporating smart, internet-enabled devices, their vulnerability to cyber threats has grown significantly.
NIST highlighted that many modern IoT devices now perform functions similar to traditional OT systems but also include new features such as remote access, data logging, and automated decision-making. These added capabilities, while valuable, introduce new attack surfaces. The core issue lies in the fact that OT and IoT systems often rely on outdated hardware, have long operational life cycles, and were not originally designed to face the persistent threats found in IT environments. Applying conventional IT security controls to these systems is challenging because their design priorities are fundamentally different.
Government agencies across the United States are increasingly adopting IoT solutions to support a variety of critical services, including environmental monitoring, data center management, surveillance, and early warning systems for natural disasters. Recognizing this growing trend, NIST is updating its cybersecurity guidelines to help ensure that federal systems remain secure as IoT adoption expands.
As part of this effort, NIST is revising its existing guidance documents and developing new ones to better address the unique characteristics of IoT. The agency is calling for public input to ensure that future frameworks reflect the complexity of modern device ecosystems, which often rely on multiple subsystems, software layers, and cloud-based components. The goal is to create security standards that are practical, flexible, and effective across a wide range of connected technologies.
In summary, the blending of IT, OT, and IoT systems is creating new cybersecurity challenges that cannot be addressed with traditional approaches alone. NIST is working to adapt its standards to this changing landscape, with an emphasis on securing devices and networks while still maintaining the operational reliability these systems were originally designed to provide.
