Industrial cybersecurity threats for 2026: what changed. * Four emerging OT threats identified at S4x26 conference in Miami * Harmonic swarm attacks weaponize smart inverters to damage grid infrastructure * Hardware trojans designed for physical destruction expose OT security gaps * EU CRA penalties up to €15M reshape industrial security priorities Operational technology cybersecurity threats in 2026 are crossing boundaries that previous threat models failed to anticipate. At the S4x26 conference, presentations from Secvulre, Accenture, Copia Automation, ABS, and Emerson identified four threats reshaping how asset owners assess risk: the weaponization of distributed energy resources through harmonic swarm attacks, hardware trojans designed for physical destruction, Industrial Control Lifecycle Management (ICLM) as a replacement for IT-derived DevOps in OT, and compliance penalties that now exceed the estimated cost of many cyber incidents. For plant managers and engineers, these threats demand immediate reassessment of existing security frameworks and risk models. The findings emerged from S4x26, one of the world's premier gatherings for industrial cybersecurity professionals known for its forward-thinking approach to operational technology (OT) and industrial control systems (ICS) security, which attracts more than a thousand experts, innovators, and leaders. Unlike conventional vendor-driven conferences, S4x26's agenda focuses on in-depth technical sessions, proof-of-concept exhibits, and Birds of a Feather meetings that allow asset owners, researchers, and practitioners to discuss OT security in an unscripted manner rarely available at vendor expos. How do harmonic swarm attacks threaten power infrastructure? The shift from mechanical generators to software-controlled inverters has made the power grid programmable. By retuning control parameters, attackers can initiate harmonic swarm attacks: coordinated grid-wide oscillations that inject high-frequency signals at 20 kHz and above, while standard protection relays typically monitor frequencies up to approximately 3 kHz, allowing signals above that threshold to pass through undetected. The resulting electrical stress causes rapid dielectric puncture in substation transformers before traditional safety mechanisms activate. According to research presented at S4x26, the attack surface weaponizes the inverters' ability to generate, synchronize and focus destructive harmonic energy in the 15-28 kHz range, exploiting the physics of supraharmonics to bypass standard protection relays - which are effectively blind to these frequencies - and induce rapid dielectric breakdown in critical distribution assets. The attack uses the inverters as a distributed array of sensors to perform grid tomography via active probing, with the primary failure mechanism for targeted assets such as distribution transformers and capacitor banks being catastrophic insulation failure driven by high-voltage stress and partial discharge rather than thermal overload. This shifts the threat model from traditional cyber intrusions to coordinated cyber-physical attacks exploiting the physics of modern distributed energy infrastructure. What makes hardware Trojans a physical threat? The September 2024 pager and radio explosions across Lebanon and Syria demonstrated that a supply chain compromise can produce physical casualties, with Raphael Arakelian of Accenture presenting this incident at S4x26 as "Operation Grim Beeper," classifying it as a hardware trojan with malicious firmware co-development that used embedded firmware to trigger a concealed detonator via a heating circuit. For OT security, this exposes a gap in current threat models, as frameworks like MITRE EMB3D account for data interception and untrusted firmware but do not model embedded cyber-kinetic payloads designed for physical destruction. Traditional hardware trojan detection methods focus on logic modification and data exfiltration, not on devices engineered to cause physical damage. Malicious modifications to printed circuit boards (PCBs) are known as hardware Trojans, which may arise when malafide third parties alter PCBs premanufacturing or postmanufacturing and are a concern in safety-critical applications, such as industrial control systems. The implications extend beyond traditional cybersecurity controls. Plant managers must now consider supply chain verification for critical control components, particularly those sourcing from third-party manufacturers or using outsourced production. This aligns with broader industry concerns about agentic cybersecurity in manufacturing, where automated threat detection systems need to evolve alongside increasingly sophisticated attack vectors. Why are compliance penalties reshaping OT security investment? The EU Cyber Resilience Act (CRA) applies to manufacturers of "products with digital elements," which includes many OT devices and systems, with non-compliance penalties reaching up to 15,000,000 euros or 2.5% of global annual turnover, and because compliance failures produce immediate and certain financial consequences while cyber incidents remain probabilistic, many OT organizations now treat regulatory compliance as a higher priority than traditional risk-based cybersecurity spending. Vulnerability and incident reporting obligations begin on September 11, 2026, full compliance including CE-marking and conformity assessment is required from December 11, 2027, and non-compliance can trigger fines of up to €15 million or 2.5% of global annual turnover, whichever is higher. For North American manufacturers selling into European markets, this represents a fundamental shift in how security budgets are allocated and justified. A fourth threat reshaping OT security involves lifecycle management. IT DevOps prioritizes speed and continuous deployment, but in OT environments, 10% of personnel write code while 90% sustain it according to Adam Gluck of Copia Automation at S4x26, and applying IT DevOps practices to industrial control systems creates misaligned priorities, with Industrial Control Lifecycle Management (ICLM) redesigning the DevOps value stream for OT by prioritizing resilience and governance over speed. This addresses a fundamental mismatch between IT-centric security approaches and OT operational realities. Key Takeaway The four threats identified at S4x26 require immediate action from plant managers and engineers. Harmonic swarm attacks demand upgraded protection relays capable of monitoring frequencies above 20 kHz. Hardware trojan risks necessitate supply chain verification for critical control components. EU CRA compliance deadlines beginning September 2026 make regulatory penalties a certainty rather than a probability, reshaping security investment priorities. Finally, adopting Industrial Control Lifecycle Management frameworks tailored for OT environments - not borrowed from IT DevOps - addresses the fundamental operational differences between enterprise and industrial systems. Organizations that continue applying IT-centric threat models to OT environments will miss emerging attack vectors that exploit the physics of industrial processes, not just network vulnerabilities. Frequently Asked Questions Q: What frequency range do harmonic swarm attacks exploit that current protection systems miss? Harmonic swarm attacks inject high-frequency signals at 20 kHz and above, while standard protection relays typically monitor only up to approximately 3 kHz. This gap allows coordinated oscillations to cause rapid dielectric puncture in substation transformers before traditional safety mechanisms can activate, bypassing existing grid protection infrastructure. Q: how does the EU Cyber Resilience Act affect manufacturers outside europe? The EU CRA applies to any manufacturer whose products with digital elements - including industrial controllers and OT devices - reach the EU market, regardless of where the company is headquartered. Vulnerability reporting obligations begin September 11, 2026, with penalties up to €15 million or 2.5% of global annual turnover for non-compliance, making it a priority for North American and Asian manufacturers selling into European markets.

Copia raises $26M in funding to unify OT code management, backup, and recovery. FOR IMMEDIATE RELEASE - NEW YORK, NY - JUNE 16, 2026 FOR IMMEDIATE RELEASE - NEW YORK, June 16, 2026 - Copia Automation, a leader in industrial code management and resiliency, today announced $26 million in additional funding, bringing the company's total raised to $55 million. AE Ventures and Squadra Ventures co-led the round, joined by KAS Venture Partners, with continued support from existing investors Construct Capital, Lux Capital, Ironspring Ventures, and Renegade Partners. The investment included a combination of equity financing and venture debt that the company will use to accelerate Copia's mission to bring modern code management and recovery capabilities to the operational technology (OT) teams who are the first responders in the event of an industrial cyberattack or downtime incident. Manufacturing is returning to the United States, critical infrastructure is being modernized and expanded, and new facilities are coming online. The industrial devices used to automate the physical world, like programmable logic controllers (PLCs), underpin the entire system. Yet the traditional IT software that protects everyday business systems cannot run on or safeguard these devices, because each PLC vendor relies on its own proprietary tooling, much as Windows software won't run on macOS. The resilience of everything being built rests on how well that code is governed, versioned, and protected. The stakes are rising in step with the threats. Attacks that exploit industrial devices have become a recurring headline, as adversaries increasingly take aim at the controllers running critical infrastructure. The teams responsible for automation devices are not equipped to manage automation device code because they do not have the essential tools for recovery their IT counterparts take for granted: validated backups, version control, and more recently, AI-powered coding tools. Copia will use the funding to accelerate product development, support flexible deployments ranging from the cloud to customer-managed data centers and air-gapped environments, and back the teams on the front lines of OT incident response. "The most critical code in the world has been managed with the least support, and that no longer holds in an economy being rebuilt on automation," said Adam Gluck, founder and CEO of Copia Automation. "This is about the readiness and resilience of the infrastructure modern industry depends on, making sure that when something goes wrong, teams can recover quickly and maintain uptime. This funding lets us continue building the platform that makes that possible." "Copia has built the category-defining platform for industrial code management at exactly the moment the market needs it most," said Tyler Rowe, Partner at AE Ventures, the venture capital platform of AE Industrial Partners, LP. "As manufacturers modernize legacy infrastructure, reshore production, and face a rapidly evolving cyber threat landscape, industrial code is becoming a strategic asset that must be governed with the same rigor as enterprise software. In sectors like aerospace, defense, energy, and critical infrastructure, traceability, security, and recovery are no longer optional. We're excited to co-lead this financing and support Copia as it becomes the system of record for the world's most critical industrial operations." "Cybersecurity has come a long way, but critical infrastructure remains one of the most vulnerable and under-addressed attack surfaces," said Squadra Ventures Managing Partner Guy Filippelli. "It has never been more important to safeguard the industrial control systems that keep our society running, and Copia has the vision and execution tenacity to do it. Adam and team have demonstrated unmatched hustle and ability to innovate at the point where physical meets digital." Copia was founded on the idea that the code running the physical world deserves the same discipline and governance that software has leveraged for almost two decades. With this investment, the company will keep building toward a single platform industrial organizations can use to protect, govern, and evolve their most critical automation code. About Copia Automation: Copia Automation provides visibility, traceability, and control across the full automation lifecycle, helping industrial teams maximize uptime, strengthen governance, and build resilient operations. From OT teams on the plant floor to the executives accountable for cyber resilience and compliance, Copia gives organizations a single platform to manage, secure, and recover the industrial code that runs the physical economy. Learn more at copia.io.