Critical infrastructure is facing increasingly disruptive threats to physical processes, while thousands of devices are online with weak authentication and riddled with exploitable bugs.