You just discovered OT. Maybe you’re in IT and got a tour of your company’s factory or mill. Maybe you went down a rabbit hole on some site or social media and learned about it. You want to share this world, and more often than not it leads to an article on how OT is different than IT.
OT security is different than IT security. Data Center security is different than desktop and mobile security. SAP is different than AWS. Salmon is different than tuna which is different than mackerel. Yes, different. If it wasn’t different we probably wouldn’t give it a different name.
I have read hundreds of these articles and ignored thousands more. Most have a novice view on OT, if they are coming from IT, or a novice view of IT, if they are coming from Operations and Engineering. It can be stunning ignorance in both directions.
Still, it’s great to see these articles. It means we have a new person entering the OT security field. The journey must begin somewhere. We all started as a novice and almost all wrote articles and gave presentations on how OT security from IT security thinking we were so profound.
Now that you’ve advanced in the field let’s see you put out more “different” articles.
- How is addressing cyber risk of a pet food factory different from a natural gas pipeline? Or a compressor station on that pipeline from an electric distribution substation? (There are significant differences) The generic lists of recommended security controls are simply the next step on the novice’s journey, and we need to move past that.
- How is securing a Rockwell System different than a securing an Emerson system, and how are both different than securing an Ignition platform.
- The difference between securing a similar manufacturing plant in the US, Germany, and Singapore based on regulatory requirements.
- How should we measure the different performance in the various categories of OT security solutions? Asset Inventory, Detection, Remote Access, Segmentation?
We need much of the talent that has entered the field in the last ten years, and continues to come in, to get more granular on investigating and putting out content on the differences. There is already plenty of detail on how OT differs from IT. Next.