Presenter:
This session argues that cyber-physical system (CPS) security isn’t failing because of technology gaps—it’s failing because organizations are still operating in silos. Real risk reduction only happens when people, process, and technology are aligned around how systems actually function.
Key takeaways
- Silos are the real vulnerability
- IT, OT, engineering, and leadership operate separately
- Each sees only part of the risk
- Attackers exploit the gaps between those domains
- Technology alone doesn’t solve CPS risk
- Tools are deployed without coordination
- Controls don’t map to real operational workflows
- Security becomes fragmented and inconsistent
- People and process are the missing links
- Teams need shared ownership of risk
- Clear processes must connect detection → response → recovery
- Without this, even good tech fails
- CPS risk is about system behavior
- You have to understand how systems interact in the real world
- Risk emerges from dependencies, workflows, and interconnections
- Not just individual vulnerabilities
- Alignment is what reduces risk
- Cross-functional collaboration (IT + OT + engineering)
- Unified visibility into operations
- Security tied directly to business and operational outcomes
