"Is your factory/building really safe?"
In recent years, cyberattacks targeting operational technology (OT) systems in factories, buildings, and other critical facilities have increased rapidly. OT environments directly control equipment and machinery, meaning that successful attacks can lead to severe consequences such as production stoppages, equipment damage, and risks to human life.
Despite these dangers, many organizations still believe that OT environments are safe simply because they operate in closed networks. However, this assumption has collapsed with the widespread adoption of digital transformation (DX) technologies, including smart building solutions and connected equipment. In this article, we explain the OT security measures that are now required, drawing on case studies from NTT DATA's own engagements.
1. Looming "threat to OT systems"
In recent years, there has been a rapid rise in cyberattacks targeting operational technology (OT) systems: critical systems that support daily life, including manufacturing plants, power plants, water treatment facilities, office buildings, and commercial complexes.
Traditionally, OT systems operated within closed networks isolated from external connections. However, the advancement of digital transformation (DX), including smart factories and smart buildings, has increased integration with cloud services and remote maintenance environments. As a result, connections to external networks have become more common.
This shift has significantly expanded attack surfaces. Cyberattacks now not only target these newly connected network interfaces but also exploit additional vectors such as supply chain infiltration and malware introduced via maintenance USB devices. Consequently, the risk of external intrusion is growing at an unprecedented pace.
In response, the Ministry of Economy, Trade and Industry (METI) in Japan has issued guidelines such as the "Cyber/Physical Security Framework for Factory Systems" and the "Security Guidelines for Building Systems." Across multiple industries, stronger OT security measures are now required. Furthermore, the 2022 Economic Security Promotion Act reflects a broader movement toward establishing cybersecurity as a legal obligation.
2. [Example] Real threats detected by NTT DATA
In a domestic building system where NTT DATA supported the deployment of an OT intrusion detection system (OT IDS), clear signs of an external cyberattack were identified targeting OT devices within the BAS (Building Automation System) network.
Only a few days after implementing the IDS, the system detected communication originating from a host associated with a suspicious IP address flagged in global threat intelligence databases. This early detection helped identify a potential intrusion attempt that could have otherwise gone unnoticed, demonstrating the necessity and effectiveness of OT-specific security monitoring.
Figure 1. Example of a threat detection screen
The investigation found that a router temporarily installed by an OT equipment maintenance vendor for remote maintenance had served as the entry point for the attack.
Figure 2. IDS Deployment System Configuration and Attack Vector Image
During the initial pre-deployment assessment, the building management team was unaware that the external router described above even existed. They believed that "the building system network is closed, with no external communication channels." This gap in awareness highlights a critical and common issue in many OT environments.
From this case, two major lessons emerge:
(1) Accurate risk assessment is impossible without communication "visibility."
Even when an OT network is designed to be closed, the actual situation often differs due to factors such as remote access routers, temporary VPNs, and personal devices introduced by maintenance vendors. In many cases, these endpoints create unexpected and unnoticed external communication paths.
This incident illustrates that the longstanding assumption, "our OT network is safe because it is isolated," no longer holds true.
By visualizing communication flows and achieving an accurate, real-time understanding of the OT environment, such as detecting unintended traffic or unauthorized connected devices, organizations can finally conduct reliable and effective risk assessments.
(2) Attacks cannot be fully prevented; early detection and response are essential.
With the growth of external connectivity and increasingly sophisticated attack techniques, completely preventing cyberattacks in OT environments is no longer realistic. Additionally, many OT systems operate with known vulnerabilities for extended periods due to strict availability requirements. Some still lack robust segmentation or proper network isolation.
Under these conditions, once malware or an intruder enters the network, the impact can escalate rapidly. As a result, "security based on the assumption of intrusion" is indispensable.
The strongest defense in modern OT security is the establishment of a system that enables:
- Early detection through OT-specific IDS and monitoring tools
- Early response through SOC operations and endpoint detection and response (EDR) capabilities
These measures significantly reduce damage and help maintain operational continuity.
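The two lessons above, visibility into who is talking on a segment believed to be closed and early detection of egress to a flagged destination, can be illustrated with a small detection pass over flow records. This is an added example, not NTT DATA's product code; the BAS subnet, asset inventory, flow lines and the single "threat-intel" address are all constructed placeholders (documentation-range IPs), not real indicators.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: a BAS segment the operators believe has no external paths.
INTERNAL_NETS = [ipaddress.ip_network("10.50.0.0/16")]
ASSET_INVENTORY = {"10.50.1.10", "10.50.1.11", "10.50.1.20"}  # documented BAS hosts
THREAT_INTEL = {"203.0.113.45"}  # placeholder for an IP flagged in threat intelligence

# Constructed flow records in the form "timestamp src dst dst_port proto",
# as a visibility sensor or IDS might export them.
SAMPLE_FLOWS = [
    "2024-05-01T08:00:01 10.50.1.10 10.50.1.20 47808 udp",   # BACnet between known hosts
    "2024-05-01T08:00:05 10.50.1.11 10.50.1.20 47808 udp",
    "2024-05-01T08:01:12 10.50.1.250 10.50.1.10 502 tcp",    # undocumented host, Modbus
    "2024-05-01T08:02:30 10.50.1.250 203.0.113.45 443 tcp",  # egress to flagged address
    "2024-05-01T08:03:00 10.50.1.20 198.51.100.7 123 udp",   # unexpected external egress
]

def parse_flow(line):
    ts, src, dst, port, proto = line.split()
    return {"ts": ts, "src": src, "dst": dst, "port": int(port), "proto": proto}

def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)

def analyze_flows(lines, inventory=ASSET_INVENTORY, threat_intel=THREAT_INTEL):
    """Return findings for lesson (1) visibility and lesson (2) early detection."""
    unknown_devices = set()
    findings = defaultdict(list)
    for line in lines:
        f = parse_flow(line)
        # Lesson (1): internal addresses that are not in the asset inventory
        for ip in (f["src"], f["dst"]):
            if is_internal(ip) and ip not in inventory:
                unknown_devices.add(ip)
        # Lesson (1): any traffic leaving a segment that is supposed to be closed
        if is_internal(f["src"]) and not is_internal(f["dst"]):
            findings["external_egress"].append((f["ts"], f["src"], f["dst"]))
            # Lesson (2): destination matches threat intelligence, escalate to SOC
            if f["dst"] in threat_intel:
                findings["threat_intel_match"].append((f["ts"], f["src"], f["dst"]))
    findings["unknown_devices"] = sorted(unknown_devices)
    return dict(findings)

if __name__ == "__main__":
    for kind, items in analyze_flows(SAMPLE_FLOWS).items():
        print(kind, items)
```

On the constructed flows this reports one undocumented host, two external egress flows, and one threat-intelligence match, which is exactly the chain of evidence the building case above turned on.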
3. NTT DATA's Strengths in OT Security
NTT DATA leverages its long-standing expertise in both IT and OT domains to deliver solutions that protect corporate safety and ensure business continuity. The company's key strengths include:
1. Tailored Solutions Aligned with Customer Requirements
NTT DATA conducts in-house validation of multiple OT security products and has deployed them across diverse industries, including manufacturing plants and building systems. This enables the company to propose the optimal product mix based on each customer's:
- Operational requirements
- Existing environment
- Budget constraints
- Security maturity
Beyond product selection, NTT DATA also designs and introduces the optimal system architecture, such as network restructuring, to maximize security effectiveness and avoid blind spots. The result is a realistic and high-impact security solution rather than a simple product installation.
2. End-to-End Support from Consulting to Incident Response
NTT DATA provides comprehensive consulting services to support compliance with laws and regulations (including the Economic Security Promotion Act) and to conduct risk assessments based on current guidelines such as METI's Cyber/Physical Security Framework for Factory Systems.
Based on the findings from these assessments, NTT DATA integrates OT and IT systems to enable the necessary enhancements and risk countermeasures.
Security operations do not end with tool deployment. Many organizations have introduced visibility or IDS products but lack the operational capability to monitor or respond effectively. True security requires building an operational structure that can minimize damage and support quick recovery.
NTT DATA offers SOC services specialized for OT environments, supported by analysts who understand OT communication protocols and can make safety-oriented decisions without disrupting on-site operations. These capabilities are provided as part of NTT DATA's in-house service UnifiedMDR™ for OT Security.
Figure 3. UnifiedMDR for OT Security
3. Global Support and Unified Operations
Some security vendors provide support only within their domestic regions, making it difficult to implement consistent, unified security measures across overseas factories or global operations. This challenge is especially significant in the OT field, where equipment specifications, regulatory requirements, and local vendor capabilities vary widely by country. As a result, localized, country-specific implementations often fail to achieve true global optimization.
NTT DATA addresses this challenge by delivering security solutions in more than 50 countries and regions worldwide. This global presence enables security designs that comply with national regulations, industry requirements, and international standards. For multinational enterprises, NTT DATA offers an integrated OT security operation model that balances centralized governance from headquarters with effective, practical execution at each local site.
4. Conclusion
OT security is vital for ensuring business continuity and maintaining social trust. Factories, buildings, and other OT environments contain numerous hidden risks, including vulnerable devices, unmanaged communication paths, and operational blind spots that are difficult to detect through traditional methods.
The key to modern OT security is not attempting to prevent every attack but instead establishing the ability to detect and respond early. NTT DATA supports this approach by providing end-to-end OT security services, from communication visualization and risk assessment to security product deployment, SOC-based monitoring, and incident response, enabling organizations to build effective and resilient OT security operations.
Yuki Hirono
Assistant Manager, NTT DATA, Solutions Sector, Security & Network Division, Cybersecurity Section
Engaged in the design, development, and mass-production adaptation of automotive security. Currently works on consulting related to insider-threat security and is responsible for service planning and solution implementation in OT security.
Ikumi Urabe
Assistant Manager, NTT DATA, Solutions Sector, Security & Network Division, Cybersecurity Section
After joining NTT DATA, responsible for service planning and solution implementation in automotive security and OT/IIoT security.
Masayuki Matsubara
Assistant Manager, NTT DATA, Solutions Sector, Security & Network Division, Cybersecurity Section
After joining NTT DATA, specialized in security, engaging in SOC/CSIRT operations and improvement, as well as supporting the introduction of forensic operations. Currently responsible for implementing SIEM/UEBA and SOAR.
Kazuya Kosaka
Deputy Manager, NTT DATA, Solutions Sector, Security & Network Division, Cybersecurity Section
Engaged in strengthening security and supporting network renewal for customers requiring high availability. Provides comprehensive support, from selecting data centers considering BCP/DR, to network design, and system design adopting security-by-design principles. Also conducts comprehensive research on security countermeasure services at JNSA.