(TLP:CLEAR) Dragos Releases 2026 OT Cybersecurity Year in Review Report
Created: Thursday, February 26, 2026 - 11:26
Categories: Cybersecurity, OT-ICS Security, Security Preparedness
Summary: OT cybersecurity company Dragos published its 9th annual OT Cybersecurity Year in Review report last week. This comprehensive report contains the latest threat intelligence on adversary activity targeting operational technology (OT) and recent ICS-specific malware discoveries, data to inform vulnerability management practices, and cybersecurity benchmarks for industries. Dragos shares predominant insights, poignant lessons learned, and proactive recommendations in this annual data-driven analysis of ICS/OT-focused cyber threats and vulnerabilities. Explore the interactive executive summary before diving into the 91-page report, which is based on Dragos’ extensive experience, assessments, and incident response engagements.
Analyst Note: Dragos indicates that threat groups are gaining access to industrial environments and positioning for operational impact, but in most cases, compromise becomes visible only after something in the process behaves abnormally. Many organizations lack the visibility to detect reconnaissance, lateral movement, and data exfiltration before adversaries achieve their objectives, revealing a fundamental gap across OT networks worldwide.
Dragos calls it an OT visibility crisis, as several statistics corroborate:
- 30% of OT networks have visibility
- 56% cannot see below IT/OT boundary
- 88% struggle with detection & response
Dragos also highlights certain threat groups that are positioning for OT impact, and whose activity suggests they understand how to manipulate physical processes and are actively mapping controls. Notably for the water sector, the report provides analysis of both the Sylvanite and Kamacite groups, which have been observed targeting the water and wastewater sector, both within the United States and abroad.
Additionally, Dragos draws attention to the active exploitation of Trimble Cityworks GIS software in early 2025. WaterISAC reported on the situation early in the exploitation and was aware of multiple incidents at water utilities in the United States. Dragos highlights how GIS data (which utilities often rely on for infrastructure operations) can be weaponized by adversaries for future ICS intrusions. Utilities are urged to remove unnecessary internet exposure for GIS servers, prepare for adversaries who use stolen GIS data in future ICS attacks, and assess other GIS vendors for similar vulnerabilities.
Original Source: https://www.dragos.com/ot-cybersecurity-year-in-review
Additional Reading:
- Dragos Blog: Launched: 9th Annual Dragos OT Cybersecurity Year in Review
- 8 Takeaways from the Dragos 2026 OT Cybersecurity Report
- Dragos: Operational Tech Under Increasing Risk of Attack
Related WaterISAC PIRs: 6 – 12
