OT Security in Malta: Visibility, Vigilance, and Resilience
- Efrem Borg
- Aug 18
- 5 min read
Introduction
Malta’s critical infrastructure, spanning energy, water management, sea and air ports, manufacturing, and healthcare, relies heavily on Operational Technology (OT). OT refers to the hardware and software systems that monitor, control, and manage physical processes such as energy distribution, water treatment, manufacturing, and building automation. Unlike Information Technology (IT), which is concerned with data, communication, and business systems, OT is directly tied to the functioning of critical infrastructure and industrial equipment.
Examples include supervisory control and data acquisition (SCADA) systems, programmable logic controllers (PLCs), and industrial control systems (ICS) that keep essential services running. Because OT environments were often designed decades ago with reliability, not cybersecurity in mind, they are now increasingly vulnerable as they become interconnected with IT networks and the internet. This makes OT security a pressing issue, particularly for Malta’s essential services where disruption can have an immediate and tangible impact.
According to an urgent advisory from CISA, most organisations lack even basic visibility into their OT assets. Add in real-world exploitation of the critical Erlang/OTP vulnerability (CVE-2025-32433), and our exposure becomes painfully clear. Here’s what Maltese OT operators should know, and do, right now.
Start with Visibility: OT Asset Inventory is Non-Negotiable
In a small yet dense nation like ours, minor disruptions can have devastating effects across multiple sectors, so knowing what is connected and discovering known vulnerabilities is fundamental. CISA’s new guidance, “Foundations for OT Cybersecurity: Asset Inventory Guidance for Owners and Operators”, urges organisations to catalogue their OT systems meticulously.
“OT systems are essential to the daily lives of all Americans… provides deeper visibility into OT assets as a critical first step in reducing risk and ensuring operational resilience.”
Acting CISA Director Madhu Gottumukkala
“Most sectors have not done an OT asset inventory. So they don’t even know what they have.”
Tatyana Bolton, Operational Technology Cyber Coalition (July 22 hearing)
The guidance also highlights that different industries categorise OT differently: oil and gas operators may use different terminology than water and wastewater utilities. By tailoring inventories to sector-specific language, organisations can build a clearer and more usable map of their assets. CISA stresses that this process is not a compliance exercise but the cornerstone of a “modern defensible architecture” (see also the unDisrupted blog post on resilience versus compliance).
Another concern raised in the U.S. hearing, and equally relevant for Malta, is the shortage of trained OT security professionals. Many IT and cybersecurity staff are unfamiliar with industrial control systems, leaving OT networks under-secured. Experts also warned that state-linked groups such as China’s “Volt Typhoon” have already targeted critical infrastructure, while last year pro-Russia hacktivists exploited internet-exposed OT systems in the water sector using unsophisticated methods.
Moreover, Rob Lee, CEO of Dragos, told U.S. lawmakers that only about 10% of OT infrastructure is actively monitored for intrusions. This lack of visibility means attackers could already be inside critical systems without detection. For Malta, where operators of water plants, ports, or power grids form part of a small national ecosystem, that risk is multiplied.
Quick Win: Even if you do not have a full-blown asset inventory tool, start with a spreadsheet: list every OT controller, PLC, communication node, firmware version, network segment, and any legacy or undocumented device.
Hidden Dangers: Erlang/OTP CVE-2025-32433 Hits Close to Home
A critical flaw in Erlang/OTP’s SSH implementation, CVE-2025-32433, allows threat actors to access systems without authentication. Between May 1 and 9, 2025, Palo Alto Networks found that 70% of the attacks it observed targeted OT networks, particularly in sectors such as healthcare and high-tech.
In his latest post, titled ICS/OT Networks Targeted in Widespread Exploitation of Erlang/OTP Vulnerability, Eduard Kovacs describes the vulnerability:
Erlang/OTP is a collection of libraries, middleware and other tools designed for creating real-time systems that require high availability, such as banking, e-commerce, and communications applications. Researchers discovered that Erlang/OTP’s SSH implementation is affected by a critical vulnerability that can allow arbitrary code execution in the context of the SSH daemon, which can potentially give an attacker full access to the host, enabling unauthorized access to and manipulation of sensitive data.
Maltese Relevance: Air and sea ports, hospitals, water and energy infrastructure, or legacy industrial control systems using Erlang/OTP may now be high-value targets.
Tracked as CVE-2025-32433, the flaw impacts all unpatched SSH servers that leverage the Erlang/OTP SSH library, and systems used for remote access are particularly at risk. The security hole has been patched with the release of OTP-27.3.3, OTP-26.2.5.11 and OTP-25.3.2.20. Earlier versions are affected.
Immediate Fix: Check your OT estate for devices whose versions match the known vulnerable range, apply the patches (OTP 27.3.3, 26.2.5.11, or 25.3.2.20) in a structured manner through your change management procedure, or enforce strict firewall rules that block SSH access until you can patch.
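The two steps above, the spreadsheet inventory and the version check against the patched releases, fit together naturally. The following script is an added example (not part of the original post and not tooling from CISA, Palo Alto Networks or the Erlang/OTP project): it reads a constructed inventory in CSV form, parses each recorded Erlang/OTP version, compares it with the fixed releases named above (OTP 27.3.3, 26.2.5.11, 25.3.2.20; earlier major lines are treated as affected), and prioritises the result by whether SSH on the device is reachable from the IT network. The column names and the sample devices are assumptions made for the example.

```python
import csv
import io
import re

# Patched Erlang/OTP releases named in the advisory (from the post above):
# anything older on the same major line is affected.
FIXED_VERSIONS = {
    25: (25, 3, 2, 20),
    26: (26, 2, 5, 11),
    27: (27, 3, 3),
}
OLDEST_FIXED_MAJOR = min(FIXED_VERSIONS)

# Constructed sample inventory; column names are an assumption, not a real tool's export format.
SAMPLE_INVENTORY = """\
asset_id,site,device,otp_version,ssh_reachable_from_it
PLC-01,Water plant A,Historian gateway,OTP-26.2.5.9,yes
PLC-02,Water plant A,Telemetry bridge,26.2.5.11,yes
GW-07,Port terminal,Remote access box,OTP-27.3.2,no
GW-08,Port terminal,Remote access box,27.3.4,yes
HMI-03,Hospital BMS,Building automation head-end,24.3.4,yes
NODE-11,Energy substation,Vendor appliance,,yes
"""


def parse_otp_version(text):
    """Turn 'OTP-26.2.5.11' or '26.2.5.11' into a tuple of ints; None if absent or unparseable."""
    m = re.fullmatch(r"(?:OTP-)?(\d+(?:\.\d+)*)", text.strip())
    if not m:
        return None
    return tuple(int(part) for part in m.group(1).split("."))


def assess_cve_2025_32433(version):
    """Classify one OTP version as 'patched', 'vulnerable' or 'review'."""
    if version is None:
        return "review"  # no version recorded: it cannot be cleared, so it goes on the audit list
    major = version[0]
    if major in FIXED_VERSIONS:
        # Tuple comparison orders 27.3.2 < 27.3.3 and 26.2.5.9 < 26.2.5.11 correctly.
        return "patched" if version >= FIXED_VERSIONS[major] else "vulnerable"
    if major < OLDEST_FIXED_MAJOR:
        return "vulnerable"  # the advisory states that earlier versions are affected
    return "review"  # a newer major line not named in the post: confirm against vendor release notes


def triage_inventory(csv_text):
    """Annotate every inventory row with its CVE status and the action the post recommends."""
    rows = []
    for rec in csv.DictReader(io.StringIO(csv_text)):
        status = assess_cve_2025_32433(parse_otp_version(rec["otp_version"]))
        exposed = rec["ssh_reachable_from_it"].strip().lower() == "yes"
        if status == "vulnerable" and exposed:
            action = "patch now or firewall SSH from IT until patched"
        elif status == "vulnerable":
            action = "schedule patch through change management"
        elif status == "review":
            action = "verify version with vendor"
        else:
            action = "none"
        rows.append({**rec, "cve_2025_32433": status, "action": action})
    return rows


def main():
    for row in triage_inventory(SAMPLE_INVENTORY):
        print(f"{row['asset_id']:8} {row['otp_version'] or '(unknown)':14} "
              f"{row['cve_2025_32433']:10} -> {row['action']}")


if __name__ == "__main__":
    main()
```

The "review" bucket matters as much as the "vulnerable" one: a device with no recorded version is exactly the undocumented asset the inventory guidance is trying to surface, and it should not be silently treated as safe.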
OT Security Blueprint: Map, Patch, Monitor
Building resilience in OT environments starts with asset inventory: you cannot secure what you do not know exists. Organisations must catalogue every piece of OT hardware and software, map out network paths, and record firmware versions to gain full visibility.
Once that foundation is in place, the next step is to apply patches without delay. With CVE-2025-32433 already being actively exploited, updating Erlang/OTP to secure versions or restricting SSH traffic is critical as either a permanent or interim safeguard.
Finally, organisations need to adopt integrated monitoring across IT and OT domains, since threats are increasingly crossing traditional boundaries. This means watching for anomalies, unusual network activity, and cross-domain interactions to catch attacks before they disrupt essential services.
What Can Maltese OT Operators Do Today?
Launch a Full OT Asset Audit - Involve plant managers, vendors, and maintenance teams, and make sure every device, wired or wireless, old or new, is listed.
Scan for Vulnerabilities - Deploy tools or professional services that give you vulnerability visibility across all OT equipment, and log and track every weakness discovered.
Patch and Block - Apply available updates without delay, through a structured change management process that you refine with each change executed. Strengthen your network perimeter and adopt the principle of least privilege.
Unify IT & OT Monitoring - Use centralised solutions that observe OT systems from inside the perimeter and from the outside world. Enable alerts for unfamiliar ports or outbound traffic spikes.
Follow CISA’s Framework (or any equivalent framework) - Visibility, segmentation, vulnerability management, and response protocols are your pillars.
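To make the monitoring step concrete, here is an added example (not code from the original post or from any monitoring vendor) of the two alerts named above, unfamiliar ports and outbound traffic spikes, run over a handful of constructed flow records. It assumes one OT segment on 10.10.1.0/24, an expected-protocol list of Modbus/TCP (502), DNP3 (20000) and S7comm (102), and flow tuples of (seconds, source, destination, destination port, bytes); all of these are assumptions made for the example, not a particular sensor's export format.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network
from statistics import median

# Assumed OT addressing: one water-plant segment. A real deployment would list every segment.
OT_SEGMENTS = {"water-plant": ip_network("10.10.1.0/24")}

# Protocols expected to terminate inside the OT segment (assumption): Modbus/TCP, DNP3, S7comm.
EXPECTED_OT_PORTS = {502, 20000, 102}

# Constructed flow records: (seconds since start, src, dst, dst_port, bytes).
SAMPLE_FLOWS = [
    (5,   "10.10.1.20", "10.10.1.5",    502, 1200),
    (40,  "10.10.1.5",  "203.0.113.50", 443, 48000),
    (70,  "10.10.1.20", "10.10.1.5",    502, 1200),
    (100, "10.10.1.5",  "203.0.113.50", 443, 52000),
    (130, "10.10.1.20", "10.10.1.5",    502, 1200),
    (160, "10.10.1.5",  "203.0.113.50", 443, 50000),
    (190, "10.10.1.20", "10.10.1.5",    502, 1200),
    (200, "172.16.0.9", "10.10.1.5",    22,  800),      # IT workstation opens SSH into the OT segment
    (220, "10.10.1.5",  "203.0.113.50", 443, 49000),
    (250, "10.10.1.20", "10.10.1.5",    502, 1200),
    (280, "10.10.1.5",  "203.0.113.50", 443, 9000000),  # sudden large upload from an OT host
]


def ot_segment(ip):
    """Return the OT segment name an address belongs to, or None if it is outside OT."""
    addr = ip_address(ip)
    for name, net in OT_SEGMENTS.items():
        if addr in net:
            return name
    return None


def unfamiliar_port_alerts(flows):
    """Flag any flow into an OT segment on a port that is not one of the expected OT protocols."""
    alerts = []
    for ts, src, dst, dport, nbytes in flows:
        if ot_segment(dst) and dport not in EXPECTED_OT_PORTS:
            alerts.append({"time": ts, "src": src, "dst": dst, "port": dport,
                           "reason": "unexpected port into OT segment"})
    return alerts


def outbound_spike_alerts(flows, window=60, factor=5.0, min_history=3):
    """Flag a per-host window whose bytes leaving OT exceed factor x the median of earlier windows."""
    buckets = defaultdict(lambda: defaultdict(int))
    for ts, src, dst, dport, nbytes in flows:
        if ot_segment(src) and not ot_segment(dst):
            buckets[src][ts // window] += nbytes
    alerts = []
    for src, per_window in buckets.items():
        history = []  # volumes of the windows already seen for this host, in time order
        for w in sorted(per_window):
            vol = per_window[w]
            if len(history) >= min_history and vol > factor * median(history):
                alerts.append({"window_start": w * window, "src": src, "bytes": vol,
                               "baseline_median": median(history),
                               "reason": "outbound volume spike from OT host"})
            history.append(vol)
    return alerts


def main():
    for a in unfamiliar_port_alerts(SAMPLE_FLOWS) + outbound_spike_alerts(SAMPLE_FLOWS):
        print(a)


if __name__ == "__main__":
    main()
```

The median baseline is deliberately chosen over the mean so that one earlier burst does not raise the threshold and hide the next one; with only a few windows of history the detector stays quiet, which is why the first spike-free windows produce no alert.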
Join the Conversation
How do you currently secure and monitor OT systems against cyber threats in different sectors across Malta? What challenges are you facing? What threats have you seen on your infrastructure lately? Share your experiences in the comments or connect with us directly.
Explore more insights on protecting your organisation at our blog, or follow us on LinkedIn. Need tailored support? Email hello@undisrupted.net or reach out on +356 79464820.