Why OT Cybersecurity Struggles to Prove Its Value

Source Domain: industrialcyber.co

Over the years, I’ve had a front-row seat to how close OT cybersecurity has come to addressing some of its hardest problems.

Not because of a lack of capable vendors or thoughtful engineers. Quite the opposite. Many of the technical building blocks have existed for some time, often in plain sight.

What was missing wasn’t innovation. It was a way to measure value that leadership could recognize, defend, and act on.

In several roles, I participated in the evolution of the discipline and saw moments where critical pieces nearly came together. Most recently, configuration integrity on one side and network visibility on the other. Each offered an important but incomplete truth. Together, they hinted at something far more powerful: the ability to understand whether industrial systems were operating within safe, known, and governed bounds.

At the time, that synthesis was difficult to justify commercially. Not because it lacked merit, but because we were still evaluating cybersecurity primarily through threat-centric measures that obscured reaping of its operational and business value.

The industry didn’t lack data or capability. It lacked a way to measure cybersecurity value in terms leadership could defend and invest in.

The Problem Was Never Data Scarcity

As I reflect on those moments, one thing is clear: the industry never lacked engineering rigor or data.

What it lacked was a shared understanding of which data mattered, how it interrelated, how it should be interpreted, and how it could be combined to provide evidence of reduced consequence.

When we limit “security-relevant data” to control systems and what looks like a threat, we unintentionally overlook some of the richest sources of truth already present across OT environments. Many of these sources do more to prevent undesirable consequences than traditional security signals alone. To be clear, I have never said the current OT Security practices are wrong,…

Source