ThreatScape 2026 - IT/OT Convergence & Risk


Attending ThreatScape 2026 reinforced a central theme: cyber security is no longer a technical function; it is a core driver of organisational resilience, shaped by geopolitics, regulation, and rapid technological change. I had the opportunity to sit on a panel discussing operational technology resilience: how organisations defend the systems that keep the nation running against cyber attacks.


The panel explored how organisations can strengthen the resilience of the operational technology (OT) systems that underpin critical national infrastructure, spanning energy, water, and transport, amid increasing threat activity, regulatory scrutiny, and IT/OT convergence.


A clear consensus emerged: OT resilience is no longer a niche discipline; it is central to national stability, public safety, and organisational accountability. Some of my key takeaways:


1. Visibility is the Foundation of Control

A key theme throughout the discussion was the importance of definitive asset visibility in OT environments.

Panelists emphasised alignment with guidance from the National Cyber Security Centre (NCSC), highlighting that organisations must:


  • Maintain accurate, continuously updated asset inventories

  • Develop clear architectural maps of OT environments

  • Understand dependencies across systems, suppliers, and processes


Without this baseline, effective defence and recovery are fundamentally compromised.


2. Segmentation is Critical in a Converged World

As IT and OT environments continue to converge, the attack surface expands significantly.

The panel highlighted that:


  • Traditional “air gap” assumptions are no longer valid

  • Strong network segmentation and boundary controls are essential

  • Organisations must actively manage and monitor interconnectivity between IT and OT systems


Segmentation was positioned not just as a technical control, but as a core resilience strategy to contain and limit the blast radius of incidents.


3. Managing IT/OT Convergence Risk

The integration of IT and OT brings operational benefits but also introduces new vulnerabilities.


Key risks discussed included:

  • Increased exposure to commodity IT threats entering OT environments

  • Challenges in patching and maintaining legacy OT systems

  • Lack of traditional security tooling compatibility in OT environments


Panelists stressed the need for:

  • Risk-based prioritisation, focusing on systems with the highest operational impact

  • Close collaboration between IT, OT, and security teams

  • Tailored controls that respect the availability and safety requirements of OT systems


4. Recovery is as Important as Protection

A major shift in mindset discussed was the move from prevention-first to resilience-first thinking.


In OT environments, recovery is uniquely complex due to:

  • Physical process dependencies

  • Safety considerations

  • Long restoration times for industrial systems


Best practices highlighted included:

  • Developing and regularly testing service-focused recovery plans

  • Ensuring fallback procedures for manual or degraded operations

  • Understanding the minimum viable service levels required to maintain critical functions


Resilience was defined not as avoiding disruption entirely, but as the ability to safely and rapidly restore essential services.


5. Regulatory Pressure is Driving Maturity

Increasing regulatory expectations are accelerating improvements in OT security.


The panel discussed how frameworks and guidance are pushing organisations to:

  • Formalise asset management and documentation

  • Demonstrate clear accountability for OT risk

  • Evidence tested resilience and recovery capabilities


Rather than viewing regulation as a burden, leading organisations are using it to:

  • Justify investment

  • Strengthen governance

  • Align cyber resilience with broader organisational risk management



Key Takeaway

The panel reinforced that defending OT is fundamentally about protecting real-world outcomes: keeping power flowing, water clean, and transport systems operational.


True resilience requires:

  • Deep visibility

  • Strong architectural control

  • Integrated IT/OT collaboration

  • And a relentless focus on recovery and continuity


In today’s threat landscape, OT security is no longer just about preventing cyber incidents; it is about ensuring the continuity of the systems that society depends on most.

