A compromised or disrupted control room means the flow of information stops. Everything grinds to a halt – and if processes stay offline for too long, the organisation might not survive.

Breaches of the control room leave businesses open to extortion, data and intellectual property theft along with financial, reputational and even physical damage. Incidents such as the Colonial Pipeline attack illustrate how grave the consequences of multi-stage cyber attacks on critical infrastructure can be (a state of emergency was declared by the US president).

With the stakes being so high, organisations simply can’t afford to be reactive in their approach to protecting the control room from cyber attacks. This cybersecurity watchlist is intended to help infrastructure owner/operators recognise prevalent threats and take proactive steps to improving their organisation’s defence strategy.

Top three control room cybersecurity threats:

1. Ransomware attacks – imagine how infuriating it would be if someone stole the keys to your house, locked you out and tried to charge you money in order for them to let you back in. Then factor in the jeopardy of lives potentially being at risk – that’s how a ransomware attack on infrastructure critical systems feels.

To mitigate the impact of a potential ransomware attack, the National Cyber Security Centre recommends making regular backups of data to prevent losing access to critical information in the event of it being encrypted by malicious actors.

Endpoint detection and response tools can provide early alerts to potential threats, while segmenting IT and OT (operational technololgy) networks, and a solid access control strategy with zero-trust architectures can help with damage limitation.

2. Supply-chain attacks – it’s not just proprietary tools and networks that control room operators must be mindful of from a cybersecurity perspective. As the SolarWinds attack demonstrated back in 2020, vulnerabilities in the security of third-party systems or software used by an organisation can also be the root cause of a breach.

Despite this, UK government statistics show that just over one in ten businesses review the risks posed by their immediate suppliers. For the other 89%, a supplier audit should be top of the priority list.

3. Outdated software, legacy systems and IoT devices – the commonality between all three of these control room entry points is that lack of regular updates, patches and contemporary security features (such as encryption and multi-factor authentication) can leave them vulnerable to exploits.

To avoid cyber criminals taking advantage of these weak endpoints on a network, regular patching of software and firmware should be standard procedure for control room operators. If this isn’t possible for any reason, upgrading to more modern systems is strongly recommended.

Bonus tip –  the most proactive approach that infrastructure owners/operators can possibly take is to make cybersecurity a fundamental consideration in the initial design of control rooms. As Barco points out, you wouldn’t build a roof without considering the possibility of it raining, patching up leaks as and when they occur. So why should access to your control room security be any different?

Cybersecurity will be a key focus at ISE 2025, with dedicated talk tracks exploring the latest trends and threats, as well as an exhibitor network of industry experts to help you mitigate risks.

Stay informed!

ISE is the world-renowned annual tech show for the AV and systems integration industry, taking place in Barcelona, 4-7 February 2025. It will spotlight the latest control room  solutions from leading manufacturers, including displays, KVM systems, video wall controllers, video distribution systems and more.

To discover the latest solutions and innovations from the control room suppliers exhibiting at ISE, as well as the hottest industry trends, sign up now for updates.

Don't miss out – join our community today and stay at the forefront of control room technology.