From the early days of NERC CIP to current emerging standards such as the TSA or NIST directives abroad the same basic challenges faced all OT practitioners such as a lack of staff, ability to accurately identify and track risk, and most of all, difficulty deploying remediation and tracking status. Especially when you consider the extreme volume and diversity of critical and often fragile OT assets.

This discussion will highlight some historical trends and missteps as well as some observations as to what is proving to be immensely useful for front-line OT security practitioners as evidenced by our global manufacturing client case study in response to Log4J.