Looking back at 2025, South Africa’s industrial operators are reflecting on a year of profound change – and concerns. A significant and welcome development was the end of systemic load shedding, with the grid achieving more than 6 months of stability as the year ended, but as one crisis receded, a more complex, digital-first risk is taking its place.
The primary lesson of 2025 is this: stability has triggered an accelerated, large-scale digitisation of our overall industrial base, and this rapid convergence of IT and operational technology (OT) is happening on a foundation that, in essence, was not designed to be cybersecure.
The ‘air gap’ that once protected factory production lines, power substations, and water treatment plants from the corporate IT network is gone. This convergence is a modern business necessity, enabling remote monitoring, predictive maintenance, and efficiency. The risk, however, comes from connecting modern IT systems to legacy OT – such as SCADA and programmable logic controllers (PLCs) – which were built for physical safety, not cybersecurity. They cannot be easily patched and were never designed to face the (then unforeseen) threats of 2026.
From instability to integration risk
The lesson of 2025 is not about managing reboots from load shedding anymore, but about managing the complex risks of new connections. The new energy stability period has unlocked a green ‘rush’ of both renewable power projects as well as overall digitisation. We are connecting new independent power producers (IPPs) to the grid, rolling out municipal smart metering, and upgrading legacy systems at scale, but the danger lies at the new digital seams emerging.
From the outset of 2025, the public sector has been under siege, with many fending off attacks and others being less lucky. The immense challenges in enforcing the South Africa Critical Infrastructure Protection Act (CIPA) are another signal, with ‘tanker mafias’ and other criminal elements representing a physical threat to water infrastructure that has a direct digital parallel: an unpatched vulnerability in a municipal SCADA system could prove just as catastrophic as physical sabotage.
The factory floor lesson
The manufacturing sector had to learn this lesson in a year it could least afford it. With the Absa Purchasing Managers' Index (PMI) slipping back into contraction at 49,2 in October, the sector remained under intense pressure, leaving no room for a costly digital disruption banging at the gates.
This threat is not abstract for South Africa. The automotive sector, a cornerstone of our manufacturing base, also saw repeated warnings in 2025.
The industrial security posture for 2026
The lessons of 2025 must inform a new industrial security posture. First, unified visibility is paramount. Operators cannot protect what they cannot see. This must start with a comprehensive audit of every single device connected to both the IT and OT networks to eliminate critical blind spots.
Second, network segmentation has become the most powerful defence. This is the modern equivalent of the air gap. A successful breach of the corporate network must be contained. By segmenting networks, an attacker who compromises the finance department is stopped by an internal firewall, completely unable to see or access the factory floor’s control systems.
Finally, operators must adopt a Zero Trust approach for all industrial systems. Every user, device, or application seeking to access the OT network must be verified, every single time. Trust is never assumed.
In 2025, the risk moved from the data centre to physical industrial spaces, and the threat shifted from managing instability to securing integration. The lesson is that digital risks to our physical infrastructure pose a direct threat to economic productivity and public safety. In 2026, our operational resilience will be defined not by how we manage physical assets, but by how we secure the digital convergence that now controls them.
Find out more at www.fortinet.com
© Technews Publishing (Pty) Ltd. | All Rights Reserved.
printer friendly version