control loop mapping

Control loop mapping refers to the practice of adversaries identifying and documenting the control loops within industrial networks, a tactic highlighted in Dragos' 2026 OT Year in Review. The report details how threat actors are moving beyond simple network access to map control loops, enabling them to hand off footholds to specialized operators and engineer ransomware or destructive operations that cause real-world disruption. This trend reflects a maturation of OT threat ecosystems, with more groups gaining process-level understanding of industrial systems. The tag covers discussions around this specific threat activity, its implications for industrial defenders, and the operational risks posed by adversaries targeting control loops in operational technology environments.