Cybersecurity in OT is a never-ending battle. And it is always made more challenging by its very diverse and often legacy system nature. This means that straightforward risk identification and analysis is not as insightful as it might be for OT. To succeed in OT you need multiple risk indicators from the asset, its operational function, vulnerability, risk and exploit databases but then factor in "compensating controls" like network segmentation, backup/restore status, digital twins and more. That is why we advocate for a dynamic scoring system to always provide real time, contextual risk to allow for situation-specific prioritization of your risks.

The session will cover typical OT challenges and how they impact accurate risk ranking, multi-dimensional data collection methods for OT, contextual risk calculations and use cases on turning risk into action to maximize scarce resources.