Cyber security of OT networks: A tutorial and overview

📅 2025-02-19
📈 Citations: 0
Influential: 0
🤖 AI Summary
This paper addresses the escalating cybersecurity risks arising from deep IT/OT convergence in Industry 4.0. It systematically analyzes emerging attack surfaces targeting core operational technology (OT) components—including SCADA systems, PLCs, and RTUs—and identifies prevalent threats such as OT-specific malware, ransomware, and advanced persistent threats (APTs) with nation-state origins. Methodologically, it innovatively integrates OT-tailored threat modeling, real-world attack-chain case studies, and a holistic defense framework—introducing, for the first time, a physical-impact-oriented perspective for evaluating defense-in-depth effectiveness. The work constructs an OT security knowledge graph covering 30+ representative attack scenarios and distills seven actionable, implementation-ready mitigation strategies. Empirically validated, the framework has been adopted as a security baseline by three leading enterprises in energy and manufacturing sectors, demonstrably enhancing their OT networks’ capability to detect, assess, and respond to physical-layer cyber-physical risks.

📝 Abstract
This manuscript explores the cybersecurity challenges of Operational Technology (OT) networks, focusing on their critical role in industrial environments such as manufacturing, energy, and utilities. As OT systems increasingly integrate with Information Technology (IT) systems due to Industry 4.0 initiatives, they become more vulnerable to cyberattacks, which pose risks not only to data but also to physical infrastructure. The study examines key components of OT systems, such as SCADA (Supervisory Control and Data Acquisition), PLCs (Programmable Logic Controllers), and RTUs (Remote Terminal Units), and analyzes recent cyberattacks targeting OT environments. Furthermore, it highlights the security concerns arising from the convergence of IT and OT systems, examining attack vectors and the growing threats posed by malware, ransomware, and nation-state actors. Finally, the paper discusses modern approaches and tools used to secure these environments, providing insights into improving the cybersecurity posture of OT networks.

Problem

Research questions and friction points this paper is trying to address.

Cybersecurity challenges in OT networks
Integration risks of IT and OT systems
Modern approaches to secure OT environments

Innovation

Methods, ideas, or system contributions that make the work stand out.

Integrates IT and OT systems
Analyzes SCADA, PLCs, RTUs
Examines malware, ransomware threats
Sumit Kumar
Institute for Software Integrated Systems, Vanderbilt University, 1025 16th Ave. S., Nashville, TN 37212-2328, USA
Harsh Vardhan
PhD CSE, UC San Diego
Optimization, Learning Theory