
By Andrew McKim, Lead VTScada Software Developer, and Peter Nock, VTScada Software Developer
In the eighth blog in our “Rise of the AI Data Center” series, inspired by our latest white paper, we deal with OT cybersecurity threats.
A new and largely unprotected attack surface has emerged as AI data centers integrate microgrids, battery energy storage systems (BESS), fuel cells, and distributed energy resources into their operations. At its center is operational technology (OT), the systems where digital control meets physical infrastructure.
Unlike attacks on IT systems, a successful OT attack doesn’t lead to stolen data. It ends with something more immediate and potentially harmful: a power disruption, damaged equipment, or a full-scale operational outage.
The IT/OT/SCADA Convergence Problem
Data center OT environments comprise the control systems governing power generation, distribution, cooling, and physical infrastructure. At their core are SCADA (Supervisory Control and Data Acquisition) systems, which provide centralized monitoring and supervisory control over distributed assets such as switchgear, breakers, UPS systems, and energy storage platforms.
Historically, SCADA and OT systems were air-gapped from IT networks. That isolation is disappearing.
As microgrids require intelligent dispatch, as BESS platforms communicate with energy management systems, and as data center infrastructure management (DCIM) tools unify IT and facilities data, SCADA systems are becoming increasingly IP-connected and, therefore, increasingly exposed.
The Dragos Year in Review 2026 cybersecurity report details escalating threats to energy infrastructure. It notes that attacker tactics increasingly incorporate OT data theft and the establishment of persistent backdoors into systems. Attackers can fly under the radar while mapping networks and preparing for future disruption. Recent attacks continue to demonstrate how adversaries leverage unsecured links between IT and OT networks to move laterally after the initial compromise.
OT Attacks Are Potentially More Dangerous
Ironically, the same connectivity that enables modern energy optimization also expands the attack surface.
For AI data centers running continuous training workloads, a power system compromise can cost millions. But in SCADA-controlled environments, the consequences go beyond downtime.
A malicious command issued through a compromised control system can:
- Open breakers
- Disconnect generation sources
- Destabilize microgrid load balancing
- Disable alarms during a critical event
In these environments, a cyberattack is not just a system incident; it is a physical operational event.
How Do Attackers Get In?
The entry points into OT and SCADA environments are expanding alongside connectivity.
- Spear phishing targeting OT-adjacent IT staff
  Credentials obtained via IT systems are often used to pivot into SCADA environments.
- VPN and remote access exploitation
  Remote access to SCADA, BESS, and DCIM platforms introduces high-risk entry points, particularly where authentication is weak.
- Supply chain compromise
  Firmware and software updates for PLCs, RTUs, and controllers can be weaponized if not validated.
- SCADA protocol abuse
  Many industrial protocols lack native encryption or authentication, allowing attackers to:
  - Issue unauthorized control commands
  - Replay legitimate operator actions
  - Passively eavesdrop on measured values and control actions
  - Establish baselines of normal behavior which can be used to disguise future attacks
The Hidden Risk: Legacy SCADA Architecture
Many SCADA deployments still reflect legacy design assumptions; namely, that anything inside the network can be trusted.
Flat network architectures, shared credentials, and minimal segmentation mean that a single compromised engineering workstation or HMI can provide access to the entire control environment.
In modern threat conditions, this model no longer holds.
The Standards Framework—What Good Looks Like
IEC 62443 provides the international framework for securing industrial and SCADA environments, including guidance on:
- Security zoning and conduits
- Authentication and access control
- System hardening
Its security levels (SL 1–4) offer a practical benchmark:
- Most data center OT environments should target SL 2 at minimum
- Critical SCADA control functions should aim for SL 3
NIST SP 800-82 complements this guidance and is increasingly referenced in North American infrastructure design.
One of the most effective controls in OT environments is the unidirectional gateway. These hardware-enforced data diodes allow operational data, such as telemetry, alarms, and performance metrics, to flow out of the control network for monitoring and analytics, while physically preventing inbound traffic. This eliminates the risk of remote command injection into critical systems.
Where to Start
For operators who haven’t yet formalized OT and SCADA security, the goal is to establish discipline.
Map Your OT and SCADA Attack Surface
Document every network-connected device:
- SCADA servers, HMIs, historians
- PLCs and RTUs
- BESS controllers
- UPS and switchgear interfaces
- Remote monitoring endpoints
Most operators underestimate both the scale and exposure of their environment.
Segment IT, SCADA, and Control Networks
If IT systems and SCADA environments share network access, a compromise in one quickly becomes a compromise in both. Implement IEC 62443-aligned zoning, with separate zones for:
- Enterprise IT
- SCADA supervisory layer
- Control layer (PLCs/RTUs)
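As an added example (not taken from VTScada or the white paper), the following audits flow records against a zone-and-conduit policy for the three layers listed above, and also surfaces devices missing from the inventory. The subnets, ports, conduits and flow records are constructed assumptions.

```python
import ipaddress

# Constructed zone map: subnets are illustrative assumptions, not from the article.
ZONES = {
    "enterprise_it": ipaddress.ip_network("10.10.0.0/16"),
    "scada_supervisory": ipaddress.ip_network("10.20.0.0/24"),
    "control": ipaddress.ip_network("10.30.0.0/24"),
}

# Conduits: the only (source zone, destination zone, port) tuples allowed across a boundary.
CONDUITS = {
    ("enterprise_it", "scada_supervisory", 443),  # dashboards over HTTPS (assumed)
    ("scada_supervisory", "control", 502),        # supervisory polling, Modbus/TCP (assumed)
}


def zone_of(addr):
    """Return the zone name containing addr, or 'unknown' for unmapped devices."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "unknown"


def audit_flows(flows):
    """Return (flow, reason) pairs for flows that violate the zoning policy."""
    findings = []
    for src, dst, port in flows:
        src_zone, dst_zone = zone_of(src), zone_of(dst)
        if "unknown" in (src_zone, dst_zone):
            findings.append(((src, dst, port), "unmapped device: add to inventory"))
        elif src_zone != dst_zone and (src_zone, dst_zone, port) not in CONDUITS:
            findings.append(((src, dst, port), f"no conduit {src_zone} -> {dst_zone}:{port}"))
    return findings


# Constructed flow records: (source IP, destination IP, destination port).
SAMPLE_FLOWS = [
    ("10.10.4.7", "10.20.0.5", 443),      # allowed conduit
    ("10.20.0.5", "10.30.0.11", 502),     # allowed conduit
    ("10.10.4.7", "10.30.0.11", 502),     # IT workstation talking straight to a controller
    ("10.30.0.11", "10.30.0.12", 502),    # intra-zone traffic, not a boundary crossing
    ("192.168.1.50", "10.20.0.5", 3389),  # source not in any documented zone
]

if __name__ == "__main__":
    for flow, reason in audit_flows(SAMPLE_FLOWS):
        print(flow, "->", reason)
```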
Audit Remote Access
Every remote connection is a potential entry point:
- Enforce multifactor authentication
- Eliminate shared or default credentials
- Restrict vendor access paths
Establish a Patch Cadence for OT and SCADA Systems
Reluctance to patch live systems is understandable—but dangerous. Many successful attacks exploit vulnerabilities in:
- SCADA servers
- HMI software
- Controller firmware
Deploy OT-Aware Monitoring
Traditional IT security tools often don’t understand SCADA protocols. Specialized OT monitoring platforms can:
- Detect anomalous control commands
- Identify unauthorized firmware changes
- Establish baselines for normal operations
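As an added example (not the behaviour of any specific monitoring product), the following shows what protocol awareness means in practice: it parses Modbus/TCP headers and alerts on write commands from hosts outside a baseline of expected writers. Modbus/TCP is an assumed protocol choice, since the article names none, and the addresses and captured payloads are constructed.

```python
import struct

# Modbus function codes that change state on a controller.
WRITE_CODES = {5: "write single coil", 6: "write single register",
               15: "write multiple coils", 16: "write multiple registers"}

# Constructed baseline: hosts expected to issue writes (assumption for this example).
AUTHORIZED_WRITERS = {"10.20.0.5"}


def parse_modbus_tcp(payload):
    """Parse the MBAP header and function code; return None if malformed."""
    if len(payload) < 8:
        return None
    tid, proto, length, unit = struct.unpack(">HHHB", payload[:7])
    # Protocol id must be 0; length counts the unit id plus the PDU that follows.
    if proto != 0 or length != len(payload) - 6:
        return None
    return {"transaction": tid, "unit": unit, "function": payload[7], "data": payload[8:]}


def review(packets):
    """Return alerts for malformed frames and for writes from hosts outside the baseline."""
    alerts = []
    for src, payload in packets:
        parsed = parse_modbus_tcp(payload)
        if parsed is None:
            alerts.append((src, "malformed Modbus/TCP frame"))
            continue
        name = WRITE_CODES.get(parsed["function"])
        if name and src not in AUTHORIZED_WRITERS:
            data = parsed["data"]
            addr = struct.unpack(">H", data[:2])[0] if len(data) >= 2 else None
            alerts.append((src, f"{name} to unit {parsed['unit']} address {addr}"))
    return alerts


# Constructed captures: (source IP, TCP payload as hex).
SAMPLE = [
    ("10.20.0.5", bytes.fromhex("00010000000601030000000a")),  # read from SCADA server
    ("10.20.0.5", bytes.fromhex("0002000000060105000cff00")),  # write from SCADA server
    ("10.10.4.7", bytes.fromhex("0003000000060105000c0000")),  # write from an IT host
    ("10.10.4.7", bytes.fromhex("00040000000901")),            # truncated frame
]

if __name__ == "__main__":
    for src, message in review(SAMPLE):
        print(src, message)
```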
Run an OT-Focused Tabletop Exercise
Simulate real-world operational scenarios such as:
- Unauthorized breaker trip commands
- Loss of visibility due to HMI compromise
- Alarm suppression during peak load conditions
These exercises quickly expose gaps in both defenses and response planning.
Take the Next Step: Build It In, Don’t Bolt It On
In modern, AI-driven data centers, the power system is no longer just infrastructure: It is a cyber-physical system and, now, a target. Because compute continuity directly underpins revenue, and the costliest approach is retrofitting security after deployment, building in OT and SCADA cybersecurity upfront is the most critical, cost-effective form of infrastructure insurance.
A secure-by-design approach—integrating segmentation, authentication, SCADA isolation, and hardware-enforced protections from the outset—ensures that energy and control systems are not only more secure, but more resilient and cost-effective over time.
To button up OT security, read the VTScada Security Guidelines Manual.
The “Rise of the AI Data Center” white paper lays out a microgrid strategic framework as "a new normal for power."
To start this blog series at the beginning, go to "Load Volatility: The Invisible Killer in AI Data Centers."
About VTScada By Trihedral
VTScada™ is a secure, scalable industrial software platform for monitoring, control, and data acquisition, developed by Trihedral Engineering. Visit www.vtscada.com
About The Authors
Andrew McKim, Lead VTScada Software Developer
Andrew joined Trihedral in 2006. His areas of expertise include the script execution engine, tag and type management, configuration management and the repository, master applications, and the Anywhere Client.
Peter Nock, VTScada Software Developer
Peter joined Trihedral's technology team in 2013, and is currently responsible for delivering the Report Studio. Previous contributions to VTScada include support for camera streaming, OpenID Connect, the Excel add-in, and VoIP.