In this session, Dino Price traces the origins of public health to John Snow’s decision to remove the pump handle during a 19th-century cholera outbreak, then applies the same principle to modern industrial control systems. He argues that every OT environment will eventually be compromised, so the only reliable defense is to engineer hard-wired safeguards—smaller valves, mechanical interlocks, pressure gauges—that physically limit harm regardless of what happens in the PLC or network. The talk walks through the twelve principles of cyber-informed engineering, stresses that engineers rather than CISOs must own these decisions, and highlights supply-chain risk and cultural change as the biggest practical hurdles.
Key points roundup:
- Assume breach: design for graceful failure, not perfect prevention.
- Crown-jewel analysis identifies the assets whose compromise would cause the worst physical outcomes.
- Hard-wired controls (valves, fuses, manual overrides) replace or backstop digital logic.
- Least privilege, data diodes, and time-based access reduce the attack surface without adding complexity.
- Supply-chain and third-party equipment must meet the same security bar as in-house systems.
- Cultural shift required: process engineers lead security design; IT supports rather than dictates.
- Controls are inexpensive, yet they demand deliberate education and changes to procurement language.