A Notable Shift in Operational Technology Cybersecurity
With conference season in full swing, this time of year is a whirlwind for vendors and customers alike. While attending events and following discussions on LinkedIn, I’ve noticed a distinct shift in focus—one that signals a maturing operational technology (OT) cybersecurity landscape.
Not long ago, OT cybersecurity conferences were dominated by vendor ‘bake-offs’. These competitions sought to determine who could identify the most assets, detect the most vulnerabilities or spot the most indicators of compromise. Each event aimed to declare a "winner," but results varied from conference to conference, leading to more confusion than clarity. The reason? These bake-offs rarely reflected real-world industrial environments.
Industrial networks are inherently complex—multi-vendor ecosystems with isolated assets, layered networks and devices that don’t always communicate or broadcast useful data. Yet, these competitions often favored highly controlled conditions: simplified networks, chatty protocols and assets from a single vendor. That’s hardly representative of the real-world environments I’ve worked in.
This isn’t a critique of the conference organizers but rather a recognition of how far we’ve come. The industry is evolving beyond vendor-versus-vendor showdowns—where the assumption was that a single solution could solve OT cybersecurity—to a more collaborative approach. Today, the conversation is about how vendors can work together to deliver value to more than one aspect of the risk equation, combining complementary solutions to minimize both the probability and consequence of an incident.
Collaboration Over Competition
This shift isn’t limited to the conference circuit; it’s happening across the entire OT security ecosystem.
We’re seeing strategic partnerships between Deep Packet Inspection (DPI) anomaly and threat detection vendors, who capture some level of asset inventory, and ICS configuration management solutions, which excel at documenting system design and can gain visibility into assets in the lower levels of the Purdue Model but lack real-time traffic visibility. These alliances provide asset owners with the best of both worlds: the depth of coverage from configuration management solutions and the broad, real-time insights from DPI.
At this point, few, if any, heavy processing industry operators believe that a DPI solution alone will provide the visibility they need to effectively manage their assets. The same is true for configuration management solutions. The industry now recognizes that both are essential. The conversation has shifted from "Which technology should I buy?" to "How do these technologies work together to solve bigger problems?"
Ultimately, this all ties back to risk and how we manage both the probability and consequence of an incident. From my own experience in the ICS configuration management space, nearly every opportunity now involves some level of integration with a DPI solution. Likewise, most of the existing customers I work directly with are actively exploring ways to connect Hexagon’s solution with a DPI vendor’s technology. No matter which DPI vendor you name, there’s a customer looking to integrate data to tackle broader security and operational challenges.
The Role of Global System Integrators
As market analysts, conference organizers, vendors and customers increasingly recognize that no single solution can address OT cybersecurity alone, so do the Global System Integrators (GSIs) responsible for recommending and implementing these solutions.
I’ve had countless conversations with GSIs who have deployed technology but aren’t achieving the expected level of visibility. The question they’re asking now isn’t "Which tool should we use instead?" but rather "How do we combine technologies to meet the customer’s expectations?"
A More Mature Approach to OT Security
We’re reaching a point of maturity where the conversation is no longer about finding a magic bullet but rather about implementing a best-in-class approach to solving real-world problems. This shift represents a fundamental change in the market—moving us from competition to collaboration. Instead of incremental improvements, we’re now seeing step changes in how we simultaneously reduce both the probability and consequence of cybersecurity incidents. The ultimate goal? Reducing real risk for the shared customer.
There’s another shift happening, one centered on recognizing where the biggest threats actually exist within industrial environments, but I’ll save that for another post, so stay tuned.