top of page
< Back

Robert Esposito

Global Solutions Architect, Ai Security

World Wide Technology

Read More

Securing the Unseen: Reducing Risk by Integrating ICS/OT Systems into Your Cybersecurity Program

In today's digital landscape, cybercriminals and nation-states are increasingly targeting vulnerable critical infrastructure sectors, including oil & gas, power & energy, and water management. These sectors rely heavily on Industrial Control Systems (ICS) and Operational Technology (OT) devices, which are often inadequately secured or monitored, and many assets are antiquated systems, making them prime targets for exploitation.


ICS/OT systems are intricate networks comprising various devices such as sensors, actuators, field controllers, supervisory computers, and human-machine interfaces (HMI). These systems manage essential functions, from physical security to medical devices, and their compromise poses significant risks to enterprises, including safety, leading to potential liabilities. As cybersecurity insurance providers demand greater visibility into these assets, organizations face mounting pressure to enhance their security measures.


Surprisingly, despite the critical importance of these systems, many enterprises lack visibility into their own infrastructure. They often do not know what devices are present, their locations, who accesses them, their functions, the data they contain, the location of the data (on-prem or cloud) or the security vulnerabilities often found in these systems. And because of the overwhelming presence and complexity of legacy systems in OT/ICS, rapid recovery and restoration of these systems can be most difficult if these systems are compromised.


Compounding these challenges, the emergence of AI applications and Agentic AI interfacing with these systems via Non-Human Identities (NHI) introduces new threat vectors that adversaries can exploit. Regulatory compliance agencies are also poised to mandate compliance of ICS/OT systems with existing security frameworks like NIST AI Risk Management Framework (AI RMF), MITRE Adversarial Threat Landscape for Artificial Intelligence Systems (ATLAS) for safeguarding AI systems against adversarial tactics and techniques.


If regulatory compliance is mandated or not, this raises a critical question: Are you prepared to identify and incorporate these devices into your security program alongside traditional IT assets? For many enterprises, the answer is no.


This presentation will guide you through the process of integrating ICS/OT systems into your comprehensive security strategy, and briefly explore on 3 key areas: 1) Accurate device identification, posture and configuration management, secure access control; 2) Resilience and recovery; and 3) the hidden identity risks of agentic AI Non-Human Identities (NHI) and how identity controls apply to Agentic AI systems. Advances in technology now enable the safe identification, management, and rapid restoration for resilience of even the most outdated devices, while secure remote access solutions offer Privileged Access Management (PAM) capabilities, including Multifactor Authentication (MFA) and identity-based access.


Join us to discover how to effectively incorporate ICS/OT systems into your security program. Gain insights into the latest security challenges facing ICS/OT systems, and the tools available to maintain robust security management.


Attendee Takeaways:


  • Learn strategies for integrating ICS/OT systems into your security program.

  • Understand the importance of accurate discovery and posture management of OT/ICS.

  • Discover some of the latest solution approaches for OT/ICS resilience.

  • How to advance your security program maturity in key areas device management, resilience/recovery, and identity & access management to address the cybersecurity risks and regulatory compliance challenges associated with OT/ICS and Agentic AI systems.

bottom of page