Presenter:
This talk argues that OT security efforts fail because organizations underestimate how interconnected and exposed their environments have become—especially as IT/OT convergence expands the attack surface.
Key takeaways
- IT/OT convergence expands risk
- Increased connectivity between business systems and industrial systems
- More pathways for attackers to move laterally
- Traditional boundaries no longer hold
- Exposure grows faster than defenses
- New connections are added for efficiency and visibility
- Security controls don’t keep pace
- Attack surface quietly expands over time
- Perimeter thinking is outdated
- There is no clear “inside vs. outside” anymore
- Trust assumptions break down in interconnected environments
- Attackers don’t need to break in—they move through
- Operational impact is the real risk
- Disruption to availability and safety is the primary concern
- Incidents affect physical processes, not just data
- This raises stakes beyond traditional cybersecurity models
- Defense needs to follow connectivity
- Visibility across IT and OT environments
- Segmentation aligned to real workflows
- Monitoring that reflects how systems actually interact
