A Hacker's Perspective: Why OT Systems Are Still Exposed

Former Black Hat Hacker Jesse McGraw on Why Critical Infrastructure Is Vulnerable Tony Morbin (@tonymorbin) • December 31, 2025

Insider threats are overlooked attack vectors in industrial systems, said Jesse McGraw, a former black hat hacker turned cybersecurity researcher. Organizations have hardened remote access controls to block remote hackers but they continue to underestimate the risk posed by employees and contractors with physical or logical access to operational technology systems.

See Also: Going Beyond the Copilot Pilot - A CISO's Perspective

McGraw said the legacy design of OT systems, including unauthenticated protocols such as Modbus, makes them vulnerable to attacks even without sophisticated tools.

"Today's industries aren't prepared for insider threats," McGraw said. "I was the guy who had every protocol memorized - the one they called on holidays to train new hires. But behind the scenes, I was gaining unauthorized access just for the thrill of it."

In this ...