One of the first articles or presentations those new to OT generate is how OT is different from IT. Like other uses of T, there are tasks, goals and constraints that are different in OT than in the employee desktop, application, server and infrastructure environment that the ICS crowd considers IT.

The OT presence at the RSA Conference shows there is a lot of OT overlap with IT and other T. Overlap in the technology. Overlap in the security controls. Overlap in the people securing the systems. And importantly overlap in the executives who manage and accept risk.

There are many OT security-focused vendors in the RSA Conference expo and even more that are holding meetings and events around the event. There are 20+ sessions on OT security. The ICS Village is there. Most importantly, a lot of asset owners’ OT security leaders and top technologists go to RSA to see what’s coming in IT security and how it might be used in OT security.


Two old guy RSA stories for you.

  1. My first RSAs were back in 1991 & 92 when it was between 75 – 200 people in a section of a hotel ballroom in Redwood City. Jim Bidzos was on a one-man crusade to make something out of the RSA license and toolkit before a market existed. It was touch and go for a few years. Ron Rivest (the R) was always there. Adi Shamir (S) came sometimes. Whit Diffie ran the Rump Sessions (inspiration for Unsolicited Response at S4). Bruce Schneier was talking to everyone he could for his soon-to-come book Applied Cryptography (which he sold in the back of the room out of boxes when it was published).
  2. The fact that cybersecurity would be a true market was confirmed at an RSA Conference in the late 90’s. The event had moved to San Francisco, and they had a party that was for the first time more than a glorified BeerISAC. The party was sponsored by IBM, had three bands, ice sculptures, big shrimp and other food. The money was saying cybersecurity was worth investment. The market and the conference haven’t looked back since.