Rethinking OT Security: Insights from Almog Apirion, CEO of Cyolo
At S4 Tampa, Almog Apirion, CEO of Cyolo, shared his expertise on securing cyber-physical systems, tackling zero trust challenges, AI-driven threats, and the future of identity-based security. His journey from leading the Israeli Navy’s cyber unit to protecting global industrial operations has given him a unique perspective on what truly works—and what doesn’t—in OT security.
Why Traditional OT Security Models Are Failing
OT security is fundamentally different from IT security. Most remote access solutions fail to meet the unique demands of cyber-physical environments. Apirion realized a critical flaw in many security solutions:
“Can you access my network without anyone on my team knowing?”
Most vendors dodged the question, revealing that many security providers hold customer access policies and encryption keys, making them high-value targets for attackers. In OT environments, where access to a nuclear plant or power grid is at stake, this is a major security risk.
The Flaws of VPN-Based Security
Many organizations still rely on VPNs, especially after COVID-19 forced remote access to industrial environments. But VPNs have become a security liability, leading to:
- Nine different legacy systems stacked together—jump boxes, MFA, file transfers, and session recording
- Increased attack surfaces, as VPNs create open pathways into critical infrastructure
- Complexity and inefficiency, forcing engineers to navigate cumbersome security layers
The challenge? Security should protect operations, not slow them down.
Balancing Security and Usability
A key takeaway from Apirion’s experience: the most secure system in the world is one that nobody uses.
Many security leaders believe in a “security vs. usability” trade-off—improving one means sacrificing the other. Cyolo is proving that security, operational agility, and user experience can all improve together.
AI and the Next Frontier of Cyber Threats
Apirion also highlighted a growing risk in industrial security: AI-driven manipulation.
- Operators increasingly rely on AI for decision-making
- Attackers could hijack AI responses, making users trust malicious commands
- This psychological vulnerability could lead to real-world safety failures in critical infrastructure
The Future: Identity-Based Machine-to-Machine Security
The next evolution of OT security isn’t just about humans—it’s machine-to-machine communication. Apirion emphasizes that:
- Machines will require verifiable digital identities for secure operations
- Identity-based security will be essential for trusted machine-to-machine interactions
- Zero-trust principles must extend beyond human access to autonomous systems and industrial AI
The OT security landscape is changing fast, and companies that rely on legacy VPNs and outdated access models are at risk. As industries become hyperconnected, securing access with identity-based, zero-trust models will be essential.
The question isn’t if industrial security needs to evolve—it’s how fast companies can adapt.
About the author
Lucian Fogoros is the Co-founder of IIoT World.
Fortinet’s Approach to OT Security: Bridging IT and Industrial Worlds with Ruggedized Solutions
At S4 Tampa, Fortinet showcased its innovative strategies for operational technology (OT) security. Richard Springer Director, Marketing, OT Solutions, provided insights into how the company is addressing IT/OT convergence and modernizing critical infrastructure with advanced, ruggedized products. Connecting IT and OT:
Strengthening OT Supply Chain Security: Key Insights from S4 Conference
The evolving landscape of cyber threats poses significant risks to industrial operations, particularly the supply chain. At the recent S4 Conference, experts highlighted critical strategies for enhancing supply chain security in operational technology (OT). This interview with Eric Byres, Senior
Securing the Future of Industrial Operations: How Smart RTUs Are Changing the Game
Cybersecurity remains one of the most pressing challenges in industrial operations, but the biggest risk isn’t just external threats—it’s how companies manage and control access to critical infrastructure. James Redmond, Global Offer Manager for SCADA & Telemetry at Schneider Electric,