The Threat Intelligence Report of the Industrial Cybersecurity Observatory, published by the Xunta de Galicia through AMTEGA as part of the RETECH project, offers a structured overview of the actors, tactics and trends affecting OT and ICS systems in Galicia’s industrial landscape.
Drawing on the information gathered in the document, and from hands-on experience with OT systems, it is possible to reflect on how these threats translate into real-world environments and what they mean for risk management, security architecture and response capabilities.
The report identifies campaign patterns, frequent attack vectors and profiles of actors with an interest in industrial infrastructure. From our experience, we recognise many of these behaviours: prior information gathering, scanning of exposed surfaces and exploitation of weaknesses in architecture or access management.
One of the report’s key strengths is that it turns threat intelligence into practical guidance: defining indicators of compromise, segmenting risk scenarios and suggesting good practices for detection and response. This enables organisations and public bodies not only to read threats, but to translate them into concrete protective measures.
As part of the entities participating in the Industrial Cybersecurity Laboratory and Demonstration Centre awarded by the Xunta through AMTEGA, Inprotech acknowledges the coordination work carried out by the Xunta, AMTEGA and INCIBE, which has made it possible to consolidate this analysis. It allows us to better align our threat analysis practices, detection rule design and attack simulation configuration on industrial scale models.
The goal is for threat intelligence to move beyond the page and translate into exercises, training and real-world tests that help detect and respond before an actual incident occurs, thereby strengthening the industrial defence posture.