惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Security Archives - TechRepublic
Security Archives - TechRepublic
罗磊的独立博客
T
The Blog of Author Tim Ferriss
The GitHub Blog
The GitHub Blog
Apple Machine Learning Research
Apple Machine Learning Research
The Register - Security
The Register - Security
J
Java Code Geeks
V2EX - 技术
V2EX - 技术
Vercel News
Vercel News
N
News and Events Feed by Topic
腾讯CDC
P
Proofpoint News Feed
N
News | PayPal Newsroom
www.infosecurity-magazine.com
www.infosecurity-magazine.com
爱范儿
爱范儿
O
OpenAI News
酷 壳 – CoolShell
酷 壳 – CoolShell
月光博客
月光博客
Martin Fowler
Martin Fowler
Engineering at Meta
Engineering at Meta
D
Docker
Y
Y Combinator Blog
博客园 - 聂微东
G
Google Developers Blog
S
Security @ Cisco Blogs
Simon Willison's Weblog
Simon Willison's Weblog
S
Schneier on Security
H
Hackread – Cybersecurity News, Data Breaches, AI and More
S
SegmentFault 最新的问题
云风的 BLOG
云风的 BLOG
阮一峰的网络日志
阮一峰的网络日志
C
CXSECURITY Database RSS Feed - CXSecurity.com
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
C
CERT Recently Published Vulnerability Notes
I
Intezer
G
GRAHAM CLULEY
有赞技术团队
有赞技术团队
Attack and Defense Labs
Attack and Defense Labs
V
Visual Studio Blog
博客园 - Franky
博客园 - 三生石上(FineUI控件)
W
WeLiveSecurity
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
Hugging Face - Blog
Hugging Face - Blog
Scott Helme
Scott Helme
T
Troy Hunt's Blog
Hacker News - Newest:
Hacker News - Newest: "LLM"
L
LINUX DO - 最新话题
C
Cybersecurity and Infrastructure Security Agency CISA

Fortinet All Blogs

The TTF Trap: A Global Campaign of a Low-Detection Lua Loader | FortiGuard Labs Helping Law Enforcement Keep Pace with the Future of Cybercrime | Fortinet Blog FortiEndpoint Expands Security for the AI Era | Fortinet Blog Cyber Attacks Leveraging AI Require Behavior-First Security Training, Not Simply Better Awareness | Fortinet Blog The AI Era Needs a New SASE. Here’s What That Actually Looks Like. | Fortinet Blog Analysis of Ongoing Ousaban Attacks Targeting the Iberian Peninsula | FortiGuard Labs Update on Fortinet Use of Frontier AI | CISO Collective Fortinet Supports INTERPOL Operation CyberProtect III Targeting Online Exploitation From CI/CD to Cloud Data: How Shai Hulud Persistence Leads to Redshift Breach | FortiGuard Labs Fortinet Launches Its Product Carbon Footprint Calculator FortiSASE Training Builds Skills for Secure Access Success | Fortinet Blog Analysis of Reported Credential Compromise of FortiGate Devices | Fortinet Blog Teaching Cybersecurity the Way It’s Actually Used | Fortinet Blog Introducing FortiSOC: One Platform, Total Control | Fortinet Blog Public-Private Cooperation Is Critical to AI-Driven Cyber Defense | Fortinet Advancing Threat-Informed Defense through Fortinet’s Collaboration with MITRE CTID | Fortinet Threat Actors Weaponize AI Hype to Deliver AsyncRAT | FortiGuard Labs Fortinet Achieves 1 Million People Trained in Cybersecurity Goal Ahead of Schedule | Fortinet Blog While OT Security Is Maturing, Risk Is Not Slowing Down | Fortinet Blog AI Policy Meets Operational Reality: White House AI Cybersecurity Order Calls for Public-Private Coordination | Fortinet Blog Executive Q&A: Strong Q1 Momentum Driven by Differentiated Innovation and Customer Demand | Fortinet Fortinet Earns AV-Comparatives Certification for EDR Detection Visibility | Fortinet Blog Cybercriminals Are Targeting the FIFA World Cup 2026 | FortiGuard Labs Fortinet Achieves AV-Comparatives Certification for Process Injection Protection | Fortinet Blog Inside the Cross-Platform Propagation of a New Gafgyt Variant C0XMO | FortiGuard Labs Battling AI-Based Threats with FortiNDR | Fortinet Blog Phishing Campaign Deploys JavaScript-Driven PureLogs Variant to Steal Sensitive Data Defending Critical Infrastructure: Why OT Security Demands a Threat-Informed Approach | CISO Collective Misconfigured, Enrolled and Dormant: Anatomy of a P2Pinfect Kubernetes Compromise | FortiGuard Labs Fortinet Expands Cybersecurity Investment in the United Arab Emirates | Fortinet Blog PureLogs: Delivery via PawsRunner Steganography | FortiGuard Labs The Future of Connectivity | Fortinet Blog Fortinet at the World Economic Forum: Frontier AI models, AI-Driven Threats, Deepfakes, and the Future of Cyber Defense | Fortinet Blog The Fortinet 2025 Sustainability Report | Fortinet Blog Supercharged Security: Security in the Time of Mythos | CISO Collective Tracking Mirai Variant Nexcorium: A Vulnerability-Driven IoT Botnet Campaign | FortiGuard Labs AI Security Is an Architectural Decision | Fortinet Blog Fortinet Training Institute Wins Industry Accolades | Fortinet Blog Shadow AI: The Invisible Risk Growing Inside Your Organization | Fortinet Blog Leading by Example in Sustainability: Fortinet Expands Global EPD Certification | Fortinet Blog When Cybercrime Becomes an Industry | Fortinet Blog FortiOS 8.0: Redefining Secure Networking in the AI and Quantum Era | Fortinet Blog Why the 2026 AI Cybersecurity Summit Matters | Fortinet Blog DPRK-Related Campaigns with LNK and GitHub C2 | FortiGuard Labs AI Is Changing Application Threats Faster Than Teams Can Adapt | Fortinet Blog Announcing the Fortinet Training Institute’s 2026 ATC Award Winners | Fortinet Blog Disrupting Cybercrime Networks at Scale Requires Sustained Global Collaboration | Fortinet Blog
Securing the Physical World as It Comes Online | Fortinet Blog
2026-04-03 · via Fortinet All Blogs

For decades, operational technology (OT) quietly powered the physical systems societies rely on every day, from energy generation and manufacturing to transport and defense. Those systems were largely isolated, designed for reliability and safety rather than connectivity. That isolation is disappearing.

In the fifth episode of season 2 of Brass Tacks: Talking Cybersecurity podcast, we examine why OT has become a central cybersecurity concern. Host Joe Robertson speaks with Hossain Alshedoki, Partner at KPMG Middle East and Global Lead for OT and IoT, about why critical industries are increasingly exposed to cyberattacks and what leaders must do as IT and OT environments converge.

Why OT Is “New” to Being Online

Unlike enterprise IT, OT systems were never designed to be connected to the outside world.

OT controls critical physical processes. Valves, turbines, assembly lines, electrical grids, and industrial machinery are managed through systems that prioritize availability and safety above all else. Minor changes in the environment can spell disaster. As a result, for much of their history, these systems operated in closed environments, with limited exposure to external networks.

That model, however, is changing. Digital transformation, automation, and data-driven decision-making are pushing OT systems to connect with corporate IT environments. As a result, OT is now facing cyber risks that IT has spent decades learning to manage.

Controlling the Physical vs. the Virtual

A central theme of the episode’s discussion is the fundamental difference between IT and OT.

IT governs virtual processes, data, applications, and business workflows. OT governs physical reality. When something goes wrong in IT, systems may be shut down to prevent data loss. When something goes wrong in OT, the consequences of system shutdowns can include physical damage to the connected devices, environmental harm, or even risk to human life.

That critical distinction fundamentally changes how cyber risk must be understood and dealt with. OT security failures are not just business disruptions. They can become physical safety incidents.

Understanding the OT Landscape

Alshedoki helps demystify the OT environment by breaking it into its core building blocks.

Industrial control systems (ICS) form the overarching environment that manages operational processes. Within that environment, technologies such as supervisory control and data acquisition (SCADA) systems, programmable logic controllers (PLCs), and distributed control systems (DCS) execute logic and coordinate physical actions. Increasingly, these environments are evolving into cyber-physical systems, where computing, networking, and physical processes are tightly integrated.

As connectivity grows, so does complexity. To complicate matters further, many organizations are still developing a shared vocabulary between IT and OT teams—especially since they often have different priorities—which can slow progress and increase risk.

IT/OT Convergence Is Accelerating, But It’s Not New

The idea of IT and OT convergence is often treated as a recent development, but Alshedoki pushes back on that framing. Elements of convergence have existed for years. What has changed is the scale and intent. Organizations now want data to flow from the factory floor to the boardroom, enabling analytics, automation, and better decision-making across the business.

This requires new architectures. Traditional OT models, often structured around hierarchical frameworks such as the Purdue Model, were not designed for the flat, interconnected architectures common in IT. As a result, simply merging networks is not enough. Convergence must be deliberate, secure, and aligned with how both environments actually operate. And that takes time, planning, and expertise that many organizations lack.

Culture Is the Hardest Part

Technology is only part of the challenge. Historically, OT engineers focused on uptime, safety, and performance, while IT security teams focused on the confidentiality, integrity, and availability of data. As responsibility for cyber resilience expands across the organization, those worlds are colliding.

Alshedoki describes this primarily as a cultural issue. CISOs are increasingly accountable for cyber risk across the enterprise, often without visibility into OT environments. At the same time, OT teams may view security controls as potential threats to operational stability.

Bridging that gap requires trust, shared understanding, and collaboration, not just new tools. That requires a shift in culture.

Visibility Comes Before Automation

One of the clearest lessons from the episode is practical. Before organizations automate controls or apply advanced governance frameworks, they need visibility. The challenge is that many OT environments lack accurate asset inventories or vulnerability insight. In some cases, simply monitoring the network reveals connected devices that were previously unknown.

Without that foundational understanding, automation can generate misleading data or even disrupt operations. Knowing what assets exist, how they communicate, and where risks lie is a prerequisite for meaningful security.

Extending IT Capabilities into OT—Carefully

Alshedoki shares examples of organizations that have made progress by extending proven IT security capabilities into OT environments in a measured way.

This includes adapting anomaly detection, governance processes, and resilience planning to OT realities, while respecting operational constraints. Success depends on people and process as much as technology, including cross-training, secondment programs, and shared ownership of risk. The result is not instant transformation, but incremental improvement in resilience and visibility.

Resilience Is the Goal

The conversation concludes with a focus on outcomes rather than tools. As OT systems become more connected, leaders must balance security, safety, and operational continuity. The goal is not to replicate IT security models wholesale, but to build environments that are agile, resilient, and able to evolve as technology changes.

Culture, Alshedoki emphasizes, is the umbrella that covers the entire transition. When IT and OT teams understand each other’s priorities and constraints, organizations are far better positioned to secure the physical systems their societies depend on.

About Brass Tacks: Talking Cybersecurity

Brass Tacks: Talking Cybersecurity is Fortinet’s podcast series focused on the real-world risks shaping today’s digital landscape. In season 2, the series expands its lens beyond technology and business to examine cybersecurity as a societal challenge—one that touches governments, critical infrastructure, public services, and everyday life.

Each episode features conversations with experts from policy, academia, and industry, offering practical insight into how organizations and societies can strengthen resilience, manage risk, and respond to an evolving threat environment.

You can watch Brass Tacks episodes on Fortinet TV and YouTube, or listen on your preferred podcast platform under the Fortinet Cybersecurity Podcast channel.