{"id":23503,"date":"2025-08-28T11:37:09","date_gmt":"2025-08-28T10:37:09","guid":{"rendered":"https:\/\/interface.media\/?p=23503"},"modified":"2025-08-28T11:37:15","modified_gmt":"2025-08-28T10:37:15","slug":"why-ot-security-strategies-fail-without-ot-native-thinking","status":"publish","type":"post","link":"https:\/\/interface.media\/blog\/2025\/08\/28\/why-ot-security-strategies-fail-without-ot-native-thinking\/","title":{"rendered":"Why OT security strategies fail without OT-native thinking"},"content":{"rendered":"\n<p>Organisations are realising the importance of securing their operational technology (OT) environments; however, many are also finding that spending alone does not guarantee resilience. Despite adopting new tools and frameworks, core issues persist: limited visibility, alert fatigue, and incident response strategies that fail to reflect operational reality. The reason? Too many approaches are built on IT-centric assumptions.<\/p>\n\n\n\n<p>Working closely with operators of critical infrastructure, we at <a href=\"https:\/\/www.dragos.com\/\">Dragos<\/a> frequently encounter well-intentioned security programmes that simply don\u2019t work in practice, because they weren\u2019t designed with OT in mind. It\u2019s no longer a question of <em>why<\/em> OT security matters. The focus now must be on <em>how<\/em> to implement it effectively. That begins with thinking differently, and understanding what OT-native security truly looks like.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-ot-is-not-just-another-it-environment\">OT is not just another IT environment<\/h3>\n\n\n\n<p>OT environments operate under distinct constraints and priorities. IT security is generally centred on protecting data and managing user access. However, OT security is about maintaining uptime, operational continuity, and safety. 
A disruption in IT\u2014whether caused by an outage, cyber threat, or unscheduled maintenance\u2014might result in productivity loss. In OT, it could shut down production or essential services such as power and water, or compromise safety systems.<\/p>\n\n\n\n<p>The systems underpinning many OT assets, ranging from programmable logic controllers (PLCs) to SCADA networks, are often decades old and not built with cybersecurity in mind. Many use bespoke protocols, proprietary technologies, and complex hardware combinations that traditional IT tools cannot effectively interrogate.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-vulnerability-management-must-reflect-operational-constraints\">Vulnerability management must reflect operational constraints<\/h3>\n\n\n\n<p>In IT, patching is often the default response to a discovered vulnerability. In OT, it\u2019s rarely that simple. Many industrial systems require months of planning before updates can be deployed. Unplanned downtime is costly and, in some sectors, dangerous.<\/p>\n\n\n\n<p>A more pragmatic approach is required: risk-based vulnerability management that accounts for operational context. Where patching is not immediately feasible or optimal, strategies such as network segmentation, access control, and enhanced monitoring offer mitigations that maintain both uptime and protection.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-ot-threat-detection-must-be-purpose-built\">OT threat detection must be purpose-built<\/h3>\n\n\n\n<p>Generic anomaly detection, common in IT, produces a high volume of alerts. Many of these alerts are irrelevant in an OT context. This leads to alert fatigue and wasted effort. 
OT-native detection tools, by contrast, are built around known attacker tactics, techniques and procedures (TTPs) specific to industrial environments.<\/p>\n\n\n\n<p>By focusing on high-fidelity indicators of malicious activity, rather than raw anomalies, these tools enable faster, more decisive responses and help security teams concentrate on what genuinely matters.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-ot-and-it-security-must-be-integrated-but-equitably\">OT and IT security must be integrated, but equitably<\/h3>\n\n\n\n<p>It is increasingly important for organisations to bring their OT and IT security functions into alignment. But this must be done in a way that respects the unique requirements of each. Too often, integration efforts are driven from the IT side alone, applying unsuitable tools and processes to OT environments.<\/p>\n\n\n\n<p>Successful integration depends on mutual understanding, ensuring that IT and OT teams collaborate on policies, incident response, and risk prioritisation, while still maintaining the protections and performance requirements that OT systems demand.<\/p>\n\n\n\n<p>As cyber threats targeting critical infrastructure become more sophisticated, so too must our response. Many of the most common OT security pitfalls stem not from lack of investment, but from misplaced assumptions &#8211; treating OT as an extension of IT, rather than a domain in its own right.<\/p>\n\n\n\n<p>A critical, and often overlooked, component of successful integration is the development of a dedicated OT Incident Response (IR) plan. OT environments have unique operational, safety, and continuity requirements that demand tailored response strategies. Simply adapting existing IT IR plans to OT contexts is insufficient and potentially dangerous. 
Instead, organisations must invest in OT-specific response plans that account for industrial processes, asset criticality, and the real-world consequences of downtime or missteps.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-true-resilience-nbsp\">True resilience<\/h3>\n\n\n\n<p>True resilience depends not only on these dedicated OT IR plans, but also on their seamless integration with existing IT incident response processes. This means establishing clear communication protocols, joint playbooks, and shared situational awareness between IT and OT teams\u2014while respecting the specialised requirements of each environment. Policies, risk prioritisation, and incident escalation procedures must be developed collaboratively to avoid gaps or conflicting actions during a crisis.<\/p>\n\n\n\n<p>However, having plans on paper is not enough. The effectiveness of both OT and integrated IT\/OT incident response plans hinges on regular validation through realistic exercises, such as tabletop simulations. These exercises expose gaps, foster mutual understanding, and build confidence among cross-functional teams. They are essential for preparing personnel to respond quickly and appropriately to complex cyber-physical scenarios.<\/p>\n\n\n\n<p>At Dragos, we see this reality every day. The organisations best positioned to withstand future threats are those adopting security practices designed with their operational context in mind. 
These practices prioritise visibility, safety, and continuity, as much as they do compliance.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Magpie Graham, Technical Director of Threat Intelligence at Dragos, on why the organisations best positioned to withstand future threats are those who adopt security practices designed with their operational context in mind.<\/p>\n","protected":false},"author":480,"featured_media":23504,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"apple_news_api_created_at":"2025-08-28T10:37:13Z","apple_news_api_id":"2ac491e0-237d-484e-b61c-09d1759a1b59","apple_news_api_modified_at":"2025-08-28T10:37:13Z","apple_news_api_revision":"AAAAAAAAAAD\/\/\/\/\/\/\/\/\/\/w==","apple_news_api_share_url":"https:\/\/apple.news\/AKsSR4CN9SE62HAnRdZobWQ","apple_news_cover_media_provider":"image","apple_news_coverimage":0,"apple_news_coverimage_caption":"","apple_news_cover_video_id":0,"apple_news_cover_video_url":"","apple_news_cover_embedwebvideo_url":"","apple_news_is_hidden":"","apple_news_is_paid":"","apple_news_is_preview":"","apple_news_is_sponsored":"","apple_news_maturity_rating":"","apple_news_metadata":"\"\"","apple_news_pullquote":"","apple_news_pullquote_position":"","apple_news_slug":"","apple_news_sections":[],"apple_news_suppress_video_url":false,"apple_news_use_image_component":false,"footnotes":""},"categories":[3],"tags":[],"topic":[613],"class_list":["post-23503","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-the-interface","topic-cybersecurity"],"acf":[],"apple_news_notices":[],"yoast_head_json":{"title":"Why OT security strategies fail without OT-native thinking - Interface","description":"The organisations best positioned to withstand future threats are those who adopt security practices designed with their OT context in mind.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"og_locale":"en_GB","og_type":"article","og_title":"Why OT security strategies fail without OT-native thinking","og_description":"The organisations best positioned to withstand future threats are those who adopt security practices designed with their OT context in mind.","og_url":"https:\/\/interface.media\/blog\/2025\/08\/28\/why-ot-security-strategies-fail-without-ot-native-thinking\/","og_site_name":"Interface","article_published_time":"2025-08-28T10:37:09+00:00","article_modified_time":"2025-08-28T10:37:15+00:00","og_image":[{"width":1365,"height":768,"url":"https:\/\/interface.media\/wp-content\/uploads\/sites\/3\/2025\/08\/iStock-2194752141.jpg","type":"image\/jpeg"}],"author":"Dan Brightmore","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Dan Brightmore","Estimated reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/interface.media\/blog\/2025\/08\/28\/why-ot-security-strategies-fail-without-ot-native-thinking\/","url":"https:\/\/interface.media\/blog\/2025\/08\/28\/why-ot-security-strategies-fail-without-ot-native-thinking\/","name":"Why OT security strategies fail without OT-native thinking - 
Interface","isPartOf":{"@id":"https:\/\/interface.media\/#website"},"primaryImageOfPage":{"@id":"https:\/\/interface.media\/blog\/2025\/08\/28\/why-ot-security-strategies-fail-without-ot-native-thinking\/#primaryimage"},"image":{"@id":"https:\/\/interface.media\/blog\/2025\/08\/28\/why-ot-security-strategies-fail-without-ot-native-thinking\/#primaryimage"},"thumbnailUrl":"https:\/\/interface.media\/wp-content\/uploads\/sites\/3\/2025\/08\/iStock-2194752141.jpg","datePublished":"2025-08-28T10:37:09+00:00","dateModified":"2025-08-28T10:37:15+00:00","author":{"@id":"https:\/\/interface.media\/#\/schema\/person\/7c33499ca8e42b097028109cccb22748"},"description":"The organisations best positioned to withstand future threats are those who adopt security practices designed with their OT context in mind.","breadcrumb":{"@id":"https:\/\/interface.media\/blog\/2025\/08\/28\/why-ot-security-strategies-fail-without-ot-native-thinking\/#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/interface.media\/blog\/2025\/08\/28\/why-ot-security-strategies-fail-without-ot-native-thinking\/"]}]},{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/interface.media\/blog\/2025\/08\/28\/why-ot-security-strategies-fail-without-ot-native-thinking\/#primaryimage","url":"https:\/\/interface.media\/wp-content\/uploads\/sites\/3\/2025\/08\/iStock-2194752141.jpg","contentUrl":"https:\/\/interface.media\/wp-content\/uploads\/sites\/3\/2025\/08\/iStock-2194752141.jpg","width":1365,"height":768,"caption":"Security with Connect the Dots Futuristic digital background. Abstract connections and digital network. Data and communications technology. 
3d illustration."},{"@type":"BreadcrumbList","@id":"https:\/\/interface.media\/blog\/2025\/08\/28\/why-ot-security-strategies-fail-without-ot-native-thinking\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/interface.media\/"},{"@type":"ListItem","position":2,"name":"Why OT security strategies fail without OT-native thinking"}]},{"@type":"WebSite","@id":"https:\/\/interface.media\/#website","url":"https:\/\/interface.media\/","name":"Interface","description":"Delivering World Class Content \u201cFrom Executive, For Executive\u201c","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/interface.media\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"},{"@type":"Person","@id":"https:\/\/interface.media\/#\/schema\/person\/7c33499ca8e42b097028109cccb22748","name":"Dan Brightmore","image":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/interface.media\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/e9ca282f0ef431735a64685769ad57886e24b074c4c58314392755fb79164164?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/e9ca282f0ef431735a64685769ad57886e24b074c4c58314392755fb79164164?s=96&d=mm&r=g","caption":"Dan 
Brightmore"},"url":"https:\/\/interface.media\/blog\/author\/dbrightmore\/"}]}},"_links":{"self":[{"href":"https:\/\/interface.media\/wp-json\/wp\/v2\/posts\/23503","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/interface.media\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/interface.media\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/interface.media\/wp-json\/wp\/v2\/users\/480"}],"replies":[{"embeddable":true,"href":"https:\/\/interface.media\/wp-json\/wp\/v2\/comments?post=23503"}],"version-history":[{"count":1,"href":"https:\/\/interface.media\/wp-json\/wp\/v2\/posts\/23503\/revisions"}],"predecessor-version":[{"id":23505,"href":"https:\/\/interface.media\/wp-json\/wp\/v2\/posts\/23503\/revisions\/23505"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/interface.media\/wp-json\/wp\/v2\/media\/23504"}],"wp:attachment":[{"href":"https:\/\/interface.media\/wp-json\/wp\/v2\/media?parent=23503"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/interface.media\/wp-json\/wp\/v2\/categories?post=23503"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/interface.media\/wp-json\/wp\/v2\/tags?post=23503"},{"taxonomy":"topic","embeddable":true,"href":"https:\/\/interface.media\/wp-json\/wp\/v2\/topic?post=23503"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}