Finally, An OT Security Approach That Works
Andrew Ginter
The #1 most widely-read author in the industrial security space | VP Industrial Security | Podcast Host | Author| MS, CISSP, ISP, ITCP
How Do You Secure Your Life from a Cyber Threat?
If your life depended on preventing a massive boiler blowing up in your face, how would you prefer to be protected from a cyber attack that overheats the furnace underneath it? Would you prefer a mechanical over-pressure relief valve, or would you prefer a longer password for the computer controlling the furnace? This question perfectly illustrates the core challenge in OT security: balancing cybersecurity with engineering solutions to safeguard physical systems.
When I ask this, the gurus tell me, “Andrew, you’re trying to deceive us. You’re asking the wrong question.” And they’re right. Yes, I’d want a relief valve – I’d want four of them. These things suffer metal fatigue and corrosion. I need at least one of them to work to save my life. ?And I would want the longer password. Not just the password, I’d want an absolute boatload of cybersecurity on top of both, because this is my life on the line.
But where is the relief valve in ISO 27001? In the NIST CSF? In the industrial IEC 62443 family of standards? Not a hint of it. Because these are cybersecurity standards and the valve is an engineering tool designed to address physical risk.
What Is the Level Zero OT Cyber Security 2025 Conference?
The new Level Zero OT Cyber Security 2025 Conference ?joins?these two worlds. Level Zero by CS2AI is where cybersecurity joins engineering. After all, OT security is properly viewed as a coin with two sides: on one side we do cybersecurity – we teach engineering teams about cyber risks, attacks, mitigations, and the intrinsic limitations of all cybersecurity tools. On the other side of the coin we do engineering – we make very small changes to the design of our physical processes, automation, networks and other components that, to the greatest extent practical, eliminate entire swaths of consequences and risks from consideration.
Spending the Coin
But here’s the thing: when we spend a coin, do we choose which side to spend? No – we spend the whole coin, you can’t spend one side of a coin. Level Zero is the whole coin: all of cybersecurity that applies to preventing unacceptable physical consequences and all of engineering that applies to addressing cyber threats as well as more conventional physical threats. Additionally, new fields and techniques are emerging at the intersection of cybersecurity and engineering.
领英推荐
Emerging Disciplines
Cyber-Informed Engineering is one way to look at this space. So is Engineering-Grade OT Security. So too is Security PHA Review and Consequence-Driven, Cyber-Informed Engineering.
These perspectives and approaches to OT security are ideas whose time has come. When I introduce CIE, SEC-OT and these other approaches to stakeholders ranging from board-level cybersecurity subcommittees to enterprise security and engineering teams, the most common reaction is roughly “What a good idea. But – why is this new? Why is this not how we were looking at the problem from the very beginning?” I have no answer – this approach makes so much sense that it should not be new, but it is. This shift in perspective is arguably the most important improvement in OT security since the phrase “OT security” was coined 20 years ago.
And Level Zero is the first time all these ideas and approaches to OT Security are coming together. I encourage everyone active in this space to (a) submit the work you are doing to the call for speakers, now open, and (b) plan to attend Mar 31-Apr 2 in Atlanta. The world’s experts at the intersection of cybersecurity and engineering are coming together for the first time to share insights, compare notes and hear about the latest work that we are all doing.
This shift in perspective is arguably the most important improvement in OT security since the phrase “OT security” was coined 20 years ago.
Ground Floor
This is the inaugural Level Zero OT Cyber Security 2025 Conference – an event people will talk about for the next decade or even two. This is your chance to get in on the ground floor. All the gurus will be there. I hope you can join us.
Securing critical infrastructure | Enabling safe IT/OT integration
1 周Detection and response are crucial in OT security—but prevention is key. Enhance your defenses with emerging security disciplines.
Account Manager @ Waterfall Security Solutions || OT/IT Cybersecurity Specialist ???
2 周Detection and response in OT are essential—but what about prevention? Strengthen your OT security with emerging disciplines.
Connector of ideas, people and "dots" | Catalyst for innovative solution creation & delivery | Referral partner business developer with focus on critical function cybersecurity and asset monitoring
3 周Brilliant! Best of luck gaining the attendees, Atlanta is a great location! Cheers!
Yes! Andrew! We are really excited to give real stage time to this critical topic. We hope to see you all in Atlanta March 31 - April 2. www.levelzeroconference.com
OT Security Specialist | Protecting Critical Infrastructure
4 周Detection and response in OT are good, but how about prevention? If you want to beef up your OT security, consider some emerging disciplines. Check out the Level Zero OT Cyber Security 2025 Conference.