S4x26 OT Conference: A Perspective from the WWT OT Security Teams
Introduction
The S4x26 ICS security event took place February 23rd – 26th in Miami, Florida. With over 1,000 attendees from 29 countries, this year's S4x26 conference featured 58 diverse performers sharing insights into the future of OT and ICS security. The overall theme of the event was 'Connect', an extremely relevant topic for thinking about the why, how, and what of properly enacting OT Security within these environments. The OT security companies thought the same and are rethinking their solutions around this term, treating them as a platform rather than as solutions that cover a few specific security objectives. OT security strategies were a major topic for our manufacturing and Oil and Gas customers, among others. These organizations view the Why and How as the strategic questions for strengthening security in their OT landscapes: 'why' should customers have a deeper perspective on OT Security platforms, the associated strategies and IT/OT Convergence to secure OT and Critical Infrastructure, 'what' does that mean to them, and 'how' do they look at effective OT security differently?
Executive Summary
Why should organizations focus more initiatives on securing these environments? Not because they are questioning it, but because they need to understand the 'why' in depth as it pertains to their OT environments. The why? Dedicated and/or increased funding, critical infrastructure concerns and protecting their brand. As OT Security practitioners, we have heard these concerns voiced by organizations for a long time; that is not particularly new. What is new, however, are the deeper insights and meaning required by security leaders within these organizations, as the focus in recent years has shifted from IT to OT. Addressing security concerns in OT is now a top priority for security leaders across all organizations. That means understanding the risks, regulatory requirements and mandates, and why OT Security platforms, strategy, and the impact of IT/OT convergence matter for addressing OT Security funding, protecting critical infrastructure, and protecting the company brand. Equally important, how do security leaders address, design and move forward with an efficient and effective strategy? Implementing OT security through an IT model often fails due to the unique considerations that must be understood in an OT world.
Key Takeaway #1 - Platform thinking for OT Security
What we heard consistently was 'platforms': customers want more than point solutions that address their security requirements; they want security addressed as a platform that considers integrations with other toolsets, processes and internal governance models. For OT platforms, that means integrating with systems and toolsets that an organization has already invested in for its IT environment. CMDB, SOC, and NOC are some of the priorities. It also requires integrating multiple OT security-specific technologies that perform their respective functions: think asset and network visibility, vulnerability information, segmentation, and secure remote access. Is this platform consolidation? Not so much. The thinking and alignment refer to bringing solutions into a single security platform within OT, where they do not exist today. For OT, this is the perfect time to approach OT Security in this fashion. While platform consolidation is an often-heard term in IT, in OT it is used far less, if at all, because security there is far less mature. Thinking about and approaching OT security with this mindset gives the organization an increased probability of long-term success by limiting the possibility of fragmented toolsets and inefficient processes, and by increasing the security posture in OT with an optimized approach to identifying assets, security risks and device dependencies within their operations.
Looking at OT security as a platform also addresses the challenge of converging OT/IT environments, as OT environments have traditionally not recognized the same threat level as enterprise IT and often differ in maturity levels for management, surveillance, and governance. Nowadays, external threats can 'reach' OT networks more frequently, either actively or coincidentally. Outdated notions like "air-gapping" and "security by obscurity" are no longer appropriate to protect OT networks from today's targeted attacks, sophisticated malware and even insider threats. Isolating networks is often not feasible and does not always ensure their secure operation. Critical infrastructure environments were the first in recent years to understand these risks and exposures.
Therefore, business leaders are justifiably concerned about modern Industrial Control System (ICS) threats and about their ability to provide security controls that are organized in a platform model. OT has specific requirements, especially in terms of safety and corresponding limitations, on what security controls can be implemented and how. An IT lens often does not work in OT; a platform model, however, does apply and function.
An increasing number of technologies address various aspects of securing an organization's OT landscape. Integrating multiple solutions and providing them as a platform is the optimized end-goal for platform thinking in OT. A single pane of glass? Perhaps, but not absolute. The end-state is providing a means and process for solutions to work together efficiently, supported and managed as seamlessly as possible. A technology solution itself may be considered a 'platform', but when multiple solutions are required to holistically address OT Security, it is no longer a platform; it is a multi-vendor solution. The platform is not just the technologies themselves; it is also the support and processes within the organization that must exist to rethink OT Security. Rethinking a 'platform' does not mean a single technology; it does mean the defined process behind the technology and the resources within a company to support and maintain OT Security. People, process, technology: we understand the term, especially in IT. Now, it is time to understand and apply this thinking in OT.
Key Takeaway #2 - Asset and Network Visibility are still top priorities, but they are not alone
Visibility, anyone? A constant conversation in OT is what assets and networks reside on the plant floor, in substations or oil refineries, and where they are located. It is the most important first step, but not the only objective. Conversations and presentations on it occurred every day during S4x26 by security vendors and organizations. Once again, this is not a new topic of conversation. What is new for asset and network visibility? A comprehensive platform. Solutions and approaches to obtain visibility in OT are mostly mature technologies that identify unique OT assets, the networks and protocols only found in OT footprints, and the associated security vulnerabilities within these environments. But what do we do once we have this visibility, and what about the other requirements to secure OT? As asset and network visibility is the first step, organizations are either evaluating solutions or have implemented a technology to obtain visibility. The issues realized in recent years when deploying 'visibility' are:
1) What do we do with this information? Where do we centralize and categorize these assets and networks?
2) How do we correct and remediate? Once you see the risks associated with this information, they must be addressed.
These are the areas that are now new and current topics of conversation as part of the 'platform'. Security leaders often scramble to develop these processes once visibility has begun and the information is presented.
Key Takeaway #3 – CISOs and IT security leaders are increasingly responsible for securing their OT environments
Responsibility means taking stock of your vulnerable devices and putting them in the context of the criticality of the production process they support. Ideally, this type of criticality view would come from a cyber risk assessment that may already have been conducted (e.g., based on standards such as ISA/IEC 62443). For reasons explained above, asset inventories cannot rely solely on vendor-provided vulnerability information; further, they must not interfere with your ongoing production. Therefore, CISOs and security leaders need to understand the recommended methods for building an asset and network inventory, identifying where vulnerable devices may reside, analyzing this traffic to positively identify such devices, and addressing other security and operational issues that require attention. This includes the "attack path" a threat actor could take to exploit security defects, as well as feeding updated information on OT devices and their dependencies into the overall asset management process. This function has been in place in IT for years, but it is relatively new in OT. CISOs and security leaders understand that the approaches and methods in OT are far less mature, and the work more difficult, than in traditional IT landscapes.
Assuming you have identified vulnerable devices this way and updated your risk assessment accordingly, how do you reduce the related risk, even if it is only in a tactical manner? As every risk or security professional inside or outside your company would tell you, one single measure, one protective layer, will not stop a reasonably skilled and/or persistent attacker; you need OT defense in-depth.
CISOs have long been in place at companies; these leaders understand the myriad security-related initiatives, risks, compliance requirements, projects and the associated policies governing their security posture. The difference? These objectives apply to OT as well; however, applying these concepts within OT is vastly different. Devices, protocols, operating systems, and downtime windows are unique in OT, and the top priority of human safety (OT) vs protecting data (IT) adds another layer of nuanced differences when securing these environments. This is where organizational security leadership struggles. Thirty years of experience as an IT security leader often does not directly translate into experience securing OT. With board-level awareness and regulatory requirements, among other factors, CISOs are now being tasked with governing and securing their company's OT footprint. Experienced security leaders see that OT, and how to approach it, is vastly different from IT. In addition, as IT/OT convergence increases, the security objectives and initiatives to protect against threats remain the same, but the models are unique.
Where WWT is Focused
Managing OT risks requires a clear understanding of control maturity using a unified, consistent approach and framework across both OT and IT. Our WWT OT-specific Cyber Maturity Program Review provides a solution to help you gain insight into your enterprise's cyber maturity as part of our overall OT Program. The review provides a full picture of your organization's strengths and weaknesses to help you prioritize your security investment in both OT and IT.
Our industry-leading skillset and experience, leveraging our OT Security Program methodology, provide your organization with the tools to elevate cybersecurity in your OT and IT environments and prepare you to enhance and protect your OT landscape.
We break down organizational activity into specific cybersecurity elements, structured into strategic, tactical, operational, and technical areas, to identify OT assets, networks, communication flows, and key threats and risks.
This approach allows us to determine your cybersecurity maturity using the industry-recognized Capability Maturity Model Integration (CMMI).
At the beginning of the process, a maturity target is defined, and the resulting report provides guidance on how the organization can improve to achieve it and on the required approach to increase OT security capabilities, leverage existing IT security controls for integration, and drive toward an efficient platform model.
Delivered through a comprehensive and flexible portfolio of review options, an OT Security Program gives you:
- Cyber Situational Awareness: Full visibility of your current capability gaps & cyber risk
- Understand your OT environment: Enables clear asset & OT-specific network visibility, including flows, OT protocols, vulnerabilities, threats & risks
- Tactical Security Improvements: Understand quick wins and how you can immediately improve your maturity
- Strategic Roadmap: A prioritized roadmap on how to develop your long-term OT capabilities, which will result in decreased risk to your enterprise
- Clearly defined IT/OT Convergence: Define and secure connections and zones between IT and OT
- Critical Infrastructure: Address the added complexity and the sensitivity of these environments, address federal mandates and correlation to national security
For security leaders, top-of-mind conversations prior to S4x26 and conversations solidified during the conference include several key focus considerations for WWT OT Security and how these priorities and initiatives drive toward an OT platform model:
- Asset and Network Visibility
- IT/OT Convergence
- Network Segmentation
- OT Zero Trust Principles
- Secure Remote Access into OT Environments
- OT Security and operational efficiency
- Incident Response and Business Continuity Planning for OT
- Identity Management Considerations
WWT focuses holistically on these security domains to secure OT and Critical Infrastructure environments, offering a concise portfolio that underpins people, processes, and technology to drive toward a platform approach that improves security while creating an efficient, optimized approach for OT.
What to Watch for in 2026 and Beyond
Our point of view highlights new concerns with OT platforms and what to consider in rethinking OT Security. Things to consider and watch out for in 2026 that will increase the awareness of OT platform models and thinking:
- Critical Infrastructure:
  - Heightened awareness and initiatives to address and implement security controls
  - Adherence to federal mandates
  - Expanded objectives to protect national security
- Manufacturing:
  - Expansion of existing production environments to increase supply and meet product demands
  - Larger footprint to secure and integrate technologies
  - Smaller manufacturers are becoming larger with increased requirements to secure their production efficiently while controlling costs
- Oil & Gas:
  - New facilities to meet demand. Integrating current and new environments
  - Securing connectivity in remote locations
- Utilities:
  - Increased focus to secure the grid
  - Increased capacity to meet the demands of AI
- Artificial Intelligence:
  - Applying AI within OT environments for predictive maintenance and operational efficiencies
  - Protecting against the AI attack surface in OT/IT Critical Infrastructure
Next Steps with WWT
WWT helps customers across all verticals (manufacturers, energy and utility operators, Oil & Gas producers, life sciences, and healthcare) secure their OT and IT infrastructure.
We can help by:
- Developing a comprehensive OT/IT Security Program and roadmap to provide a step-by-step journey to secure your environment that aligns with your business objectives and budgets
- Designing and validating security architecture leveraging our Advanced Technology Center (ATC)
- Running security workshops to address overall strategy and tactical initiatives
- Working with our close partners to provide the right solutions for your environment
Let's work together to solidify your OT security journey.