Futureproofing OT Security: Strategies to Protect Critical Infrastructure
Cyber threats are evolving at an unprecedented pace, and regulations are tightening across industries. In a recent conversation at the S4 conference, Vivek Ponnada, SVP of Growth & Strategy at Frenos, shared valuable insights on how organizations can bolster their Operational Technology (OT) security posture. Fresno’s, a startup backed by recent seed funding, focuses on prioritizing risks and delivering immediate value to its customers.
The Need to Act Before Regulations Demand It
Vivek emphasized the importance of proactive action rather than waiting for regulatory mandates. “Waiting for regulations is like waiting for the doctor to tell you to stop eating fries because you’re at risk of a heart attack,” he said. Organizations must recognize that OT security has long been an underserved segment, often overshadowed by IT security. With increased attention from companies like Moody’s and insurance providers, now is the time to address OT security vulnerabilities.
Common Mistakes in OT Security Implementation
One of the most critical mistakes Vivek highlighted is treating OT security as a “science project.” Many companies delay action by embarking on lengthy, complex assessments that take months to complete. “There’s already 15+ years of experience and proven solutions in the industry,” he said. Rather than trying to “boil the ocean,” organizations should focus on quick wins to build momentum and demonstrate value.
Shifting the Value Proposition Beyond Insurance
Security tools are often seen as an insurance policy—essential but non-revenue-generating. Vivek advised vendors to showcase value beyond risk mitigation. For instance, upgrading infrastructure not only enhances security but can also improve reliability, uptime, and operational efficiency. “If security investments align with revenue goals, decision-makers are more likely to prioritize them,” he noted.
Addressing the Skilled Labor Shortage with Automation
The OT security industry faces a significant skills gap. With limited talent available, automation becomes a key enabler of resilience. “We can’t solve the labor shortage overnight,” Vivek said, “but we can use AI and automation to empower existing teams.” By implementing policies that streamline processes and facilitate knowledge sharing, companies can extend the capabilities of their workforce across multiple sites.
Fresno’s Approach: Faster, Continuous OT Security Assessments
Vivek explained that one of the biggest challenges in OT security is the delayed realization of value. Traditional approaches often require 12 to 24 months before tangible results emerge. Fresno aims to address this by offering repeatable, consistent, and continuous assessments. This approach allows organizations to identify and address high-priority risks immediately rather than waiting for extensive assessments to conclude.
The Low-Hanging Fruit: Security Awareness Training
When asked about the easiest immediate action organizations can take, Vivek pointed to employee training. “The biggest risk often comes from a lack of security awareness,” he said. By educating employees about security best practices, companies can significantly reduce insider threats, whether malicious or accidental. Awareness programs are cost-effective and yield quick, substantial benefits.
Using Safety as a Model for Security
Drawing from his experience at S4’s metrics challenge, Vivek advocated for leveraging safety protocols as a model for security initiatives. “Many OT professionals already understand the importance of safety training, regular checks, and protective equipment,” he said. Organizations can use familiar safety metrics, like near-misses, and apply similar concepts to track and manage cybersecurity incidents.
Looking Ahead
The conversation with Vivek underscores the urgent need for proactive, practical, and people-focused strategies in OT security. As cyber threats grow more sophisticated, companies must prioritize risk, invest in automation, and build a culture of security awareness.
About the author
Lucian Fogoros is the Co-founder of IIoT World.
Related articles:
Fortinet’s Approach to OT Security: Bridging IT and Industrial Worlds with Ruggedized Solutions
At S4 Tampa, Fortinet showcased its innovative strategies for operational technology (OT) security. Richard Springer Director, Marketing, OT Solutions, provided insights into how the company is addressing IT/OT convergence and modernizing critical infrastructure with advanced, ruggedized products. Connecting IT and OT:
Strengthening OT Supply Chain Security: Key Insights from S4 Conference
The evolving landscape of cyber threats poses significant risks to industrial operations, particularly the supply chain. At the recent S4 Conference, experts highlighted critical strategies for enhancing supply chain security in operational technology (OT). This interview with Eric Byres, Senior
Rethinking OT Security: Insights from Almog Apirion, CEO of Cyolo
At S4 Tampa, Almog Apirion, CEO of Cyolo, shared his expertise on securing cyber-physical systems, tackling zero trust challenges, AI-driven threats, and the future of identity-based security. His journey from leading the Israeli Navy’s cyber unit to protecting global industrial