When former U.S. President Donald Trump’s arrival at the United Nations was delayed by a stalled escalator, the world had a chuckle. After all, there’s something comically unglamorous about being held hostage by moving stairs.
But what if it wasn’t a mechanical hiccup — what if someone, somewhere, pressed the digital “off” switch? Suddenly the joke isn’t so funny, and starts to look like an OT cybersecurity case study.
Probably exactly what Trump was thinking too: “Who’s behind this?” And now even the Secret Service is involved.
The Hidden Connectivity of “Dumb” Machines
Most people assume escalators and elevators are just motors and gears. In reality, modern systems are controlled by programmable logic controllers (PLCs), networked sensors and remote monitoring systems. Building management systems (BMS) often integrate these into a central dashboard — and that dashboard usually sits on an IP-based network.
In short: the same escalator that helps dignitaries glide to the right floor may be quietly riding on the same backbone as office Wi-Fi, CCTV or even email servers.
Starting to sound like Trump might have a point?
Why Attackers Might Care
To a hacker, an escalator may not seem like a prize target compared to a financial system. But OT sabotage can create:
- Disruption: Delays, embarrassment or chaos at critical events.
- Safety risks: Sudden stops or failures can injure people.
- Leverage: Demonstrating control of a building’s infrastructure can pressure organizations or governments.
- Reputation damage: High-profile failures can make headlines — and at the top level, may trigger serious repercussions when key figures (like Trump) are involved.
We’ve seen similar scenarios before:
- In 2017, Dallas’s emergency sirens were remotely activated in the middle of the night, sowing panic.
- In 2021, hackers breached a Florida water treatment plant, attempting to poison the supply by adjusting chemical levels.
If attackers can hack sirens and water plants, why not escalators?
Why OT is Often the Weak Link
Unlike IT, OT systems are:
- Old and unpatched: Many PLCs and BMS components run legacy firmware with no update mechanism.
- Unsegmented: OT often shares the same flat network as office IT.
- Poorly monitored: Security teams focus on firewalls and endpoints, not “boring” building systems.
- Maintained by vendors, not IT: Facilities teams or contractors, who may not think about cyber risk, often manage them.
This combination makes OT an easy entry point for attackers — and a difficult one for defenders.
What Can Be Done?
Organizations can take practical steps to protect against OT sabotage:
- Network Segmentation: Separate OT from IT networks, and limit access via firewalls.
- Vendor Access Controls: Ensure contractors use secure, temporary credentials with MFA.
- Patch and Replace: Where possible, update legacy devices or replace end-of-life controllers.
- Monitor OT Traffic: Deploy intrusion detection systems (IDS) that understand OT protocols.
- Incident Response Readiness: Treat OT incidents as part of the security playbook, not an afterthought.
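An added example (not from the original article) of what the segmentation and protocol-aware monitoring steps can look like in practice: it parses Modbus/TCP requests and flags any that come from outside the OT subnet, plus write commands from hosts other than an approved engineering workstation. Modbus/TCP as the controller protocol, the 10.20.0.0/24 subnet, the workstation address and the sample frames are all assumptions constructed for illustration.

```python
import ipaddress
import struct

# Assumed addressing plan (hypothetical): the OT VLAN and the only host allowed to write to PLCs.
OT_NET = ipaddress.ip_network("10.20.0.0/24")
ENGINEERING_HOSTS = {ipaddress.ip_address("10.20.0.10")}

# Modbus function codes that change controller state.
WRITE_CODES = {5: "Write Single Coil", 6: "Write Single Register",
               15: "Write Multiple Coils", 16: "Write Multiple Registers",
               22: "Mask Write Register", 23: "Read/Write Multiple Registers"}


def parse_modbus_request(payload: bytes):
    """Return (unit_id, function_code) for one Modbus/TCP request per payload, or None if malformed."""
    if len(payload) < 8:
        return None
    _tid, proto, length, unit = struct.unpack(">HHHB", payload[:7])
    # Protocol id is always 0 for Modbus; the length field counts unit id + PDU.
    if proto != 0 or length != len(payload) - 6:
        return None
    return unit, payload[7]


def inspect(src_ip: str, payload: bytes):
    """Classify one request seen on TCP/502 going to a PLC."""
    src = ipaddress.ip_address(src_ip)
    parsed = parse_modbus_request(payload)
    if parsed is None:
        return "ALERT malformed Modbus frame"
    _unit, fc = parsed
    if src not in OT_NET:
        return f"ALERT segmentation: non-OT host sent function {fc}"
    if fc in WRITE_CODES and src not in ENGINEERING_HOSTS:
        return f"ALERT unauthorised write: {WRITE_CODES[fc]}"
    return "ok"


# Constructed sample frames (not captured traffic).
READ_REGS = bytes.fromhex("000100000006010300000002")   # fc 3, read 2 holding registers
WRITE_COIL = bytes.fromhex("00020000000601050001ff00")  # fc 5, set coil 1 ON

if __name__ == "__main__":
    for src, frame in [("10.20.0.31", READ_REGS), ("10.20.0.31", WRITE_COIL),
                       ("10.20.0.10", WRITE_COIL), ("192.168.1.50", READ_REGS),
                       ("10.20.0.31", b"\x00\x01")]:
        print(src, inspect(src, frame))
```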
Final Thoughts
Trump’s escalator mishap at the UN was (almost certainly) just bad luck. But it raises a useful thought experiment: what if it had been deliberate?
In an era where OT and IT are converging, cybersecurity isn’t just about protecting data. It’s about protecting the real-world systems people rely on — to get to the right floor, to breathe clean air, to drink safe water.
Because if the “moving stairs” stop moving at the wrong moment, the joke’s no longer on the escalator… it’s on us.
And who knows — maybe next time the Secret Service will need a crash course in OT cybersecurity, right alongside evasive driving and scanning rooftops. After all, it’s hard to protect a president if the biggest threat is… the escalator.