Why I Avoid ICS/OT Conferences and Summits: A Critical Perspective on the Current Landscape

As a professional deeply embedded in Industrial Control Systems (ICS) and Operational Technology (OT) cybersecurity, I often receive invitations to attend industry conferences. These events promise a wealth of knowledge, networking opportunities, and the latest insights from leading experts. However, I find myself increasingly reluctant to participate in these gatherings. The reason? These conferences' prevailing structure and content often resemble a "pyramid scheme" rather than a genuine forum for advancing the field.

The Pyramid Structure: Suppliers and Consultants Feeding Each Other

Vendors and consultants dominate many ICS/OT conferences. The vendors are eager to showcase their latest products, often framing them as the ultimate solution to complex cybersecurity challenges. On the other hand, consultants are there to promote their services, emphasising the need for their expertise to implement these solutions effectively. A cycle emerges where suppliers feed consultants, and consultants feed suppliers. Both parties benefit, but the value to the end-user—the industrial operator, the engineer, the technician—is often negligible.

This cycle creates a situation where sales pitches and marketing strategies overshadow the real challenges and needs of ICS/OT environments. The discussions at these conferences frequently centre around product features and consultancy services rather than the fundamental aspects of securing industrial environments. As a result, the essential knowledge required to address the entire lifecycle of an industrial project, from Concept Engineering to Commissioning, is rarely, if ever, addressed.

The Missing Pieces: Engineering and Commissioning Expertise

Securing an ICS/OT environment is about more than just deploying the latest firewall or intrusion detection system. It involves a deep understanding of the industrial processes, the operational constraints, and the risks associated with different stages of an industrial project's lifecycle. From Concept Engineering, where the foundations of security are laid, to Commissioning, where the system is tested and validated, each phase requires specialised knowledge and expertise.

Unfortunately, these critical areas are often overlooked in conference discussions. The emphasis is placed on the latest trends and technologies rather than the foundational principles of engineering and commissioning that ensure these technologies can be effectively integrated into a secure operational environment.

The Real Work: Where the Conference Hype Falls Short

Securing ICS/OT environments is challenging and requires a multi-disciplinary approach. It’s about integrating cybersecurity principles with the operational realities of industrial processes. This includes understanding the nuances of legacy systems, the intricacies of industrial protocols, and the specific requirements of safety-critical environments.

These aspects are not glamorous; they don’t sell products or services as easily as a shiny new tool. But they are the backbone of any successful ICS/OT cybersecurity program. I find these conversations missing at most ICS/OT conferences.

Moving Forward: What Needs to Change

A shift in focus is needed for ICS/OT conferences to truly serve the industry's needs. We must move beyond the vendor-driven agenda and create platforms where real-world challenges and solutions can be discussed in depth. This means bringing in the voices of engineers, technicians, and operators who work on the ground and understand the practical challenges of securing industrial environments.

Moreover, greater emphasis needs to be placed on the entire lifecycle of industrial projects, ensuring that cybersecurity considerations are integrated from the beginning of a project and followed through to the end.

Conclusion

As someone deeply invested in ICS/OT cybersecurity, I believe we can and should do better. We need conferences that prioritise substance over sales and focus on the practicalities of securing industrial environments rather than just the latest trends. Until then, I will continue to be selective about the conferences I attend, seeking out those rare events that offer genuine value and contribute meaningfully to the advancement of our field.

If you share these concerns, I would like you to join me in advocating for a more balanced and practical approach to ICS/OT cybersecurity conferences. Let’s work together to ensure that our industry events are not only opportunities for vendors and consultants but also platforms for real progress in securing the critical infrastructure our world depends on.

Bryan Owen

Head of Product Security at AVEVA

2 months

Harvesting value from security conferences can be a challenge. On the plus side there are a plethora to choose from. Immersion with ICS operators, security research, and/or dojos often makes a huge difference in key takeaways.

Jarek Sordyl

Cybersecurity Executive | CISO | Driving Industry Resilience with Strategic Vision & Collaborative Leadership | Ensuring IT & OT Cybersecurity across Energy, Oil, and Transport Sectors | AI & Digital Security | OT-CERT

2 months

Rodrigo Augusto thank you for your opinion. When I was a CISO in one of the big energy companies, I organised a conference dedicated only to the energy sector. Main speakers were from all companies who were invited. Just exchange of experiences, best practices. There was a place for vendors as well, during coffee breaks and during individual sessions. No marketing and sales during the conference. But as other colleagues mentioned we have different events and it depends on you where to go.

Matthew Harris

When my daughter's not dumping a tree load of snow on my head, my passion is helping business leaders make sense of cyber.

3 months

Rodrigo, I wonder if it's possible to connect "100" specialists together before an event and thrash out 5 topics that can be ripped apart and put back together again in one or a number of sessions. In a hotel conf room with only minor glitz. More like a workshop? Then we can keep the Jollies for what they are. It would need some serious mediating though, maybe some cattle prods, stun guns and of course some apology cards :)

Tommy Evensen

Chief Information Security Officer | OT Security Evangelist @ Omny

3 months

Yeah. I hear you. There is a lot of hype around operations but very little on Concept and EPC. And this is as you say, the foundation of any plant design. Good article :)

Teodosio Gutiérrez

Co-Founder & CEO @ SecurityGate | Industrial Risk Management

3 months

Very interesting. I think a solid topic for Business of Cyber Series....
