Presenter:
This talk focuses on applying IEC 62443 in real-world OT environments, making the point that most organizations struggle not with the framework itself but with integrating it into messy, existing systems.
Key takeaways
- Frameworks don’t fail, implementation does
  - IEC 62443 provides solid guidance
  - The challenge is translating it into existing, imperfect environments
  - Organizations stall trying to map theory to reality
- You can’t start from scratch
  - Most OT environments are legacy-heavy
  - No greenfield deployments
  - Security has to be layered into what already exists
- Maturity matters more than compliance
  - Checking boxes ≠ reducing risk
  - Organizations need to assess where they actually are
  - Progress should be incremental, not all-or-nothing
- Zones and conduits require real understanding
  - Segmentation isn’t just diagramming networks
  - It requires knowledge of process flows and dependencies
  - Poor implementation can break operations
- Cross-functional alignment is essential
  - IT, OT, and engineering all play roles
  - Framework adoption fails without shared ownership
  - Governance has to connect technical and operational teams
- Prioritization is key
  - You can’t implement everything at once
  - Focus on the highest-risk assets and processes first
  - Build toward maturity over time
