OT Security Crossroads – Engineering x Hacking

OT Security is still a young discipline that’s evolving. While everyone understands that OT is different from IT, the OT Security responsibilities are driven by or inherited from IT Security. Therefore the purpose-built products for OT Security try to meet IT Security’s expectations while avoiding a conflict with operations or causing downtime. E.g., a vulnerability scan could disrupt operations so a ‘hack’ would be a passive monitoring solution that can also provide assets & vulnerabilities information. Or another ‘hack’ for letting OT protocols stay unencrypted is to put the communication behind a Secure gateway for remote access. Besides such hacks, several engineering driven approaches are gaining traction. E.g., focus on resilience and reducing consequence – from a regulatory path such as Europe’s CRA, methodologies like cyber-informed-engineering, and the growth of standards (ISA/IEC 62443). So, which of these paths “Engineering” or “Hacking” will help us ‘solve’ OT Security? This presentation unpacks the nuances including timelines, budgets and practical risk considerations at the proverbial crossroads that OT Security is at.