惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Know Your Adversary
Know Your Adversary
AI
AI
P
Palo Alto Networks Blog
NISL@THU
NISL@THU
C
CERT Recently Published Vulnerability Notes
P
Privacy International News Feed
Spread Privacy
Spread Privacy
Scott Helme
Scott Helme
L
LINUX DO - 最新话题
A
About on SuperTechFans
Jina AI
Jina AI
Attack and Defense Labs
Attack and Defense Labs
C
CXSECURITY Database RSS Feed - CXSecurity.com
云风的 BLOG
云风的 BLOG
S
Secure Thoughts
Google DeepMind News
Google DeepMind News
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
Cisco Talos Blog
Cisco Talos Blog
C
Cyber Attacks, Cyber Crime and Cyber Security
IT之家
IT之家
Blog — PlanetScale
Blog — PlanetScale
H
Hacker News: Front Page
D
DataBreaches.Net
S
SegmentFault 最新的问题
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
Engineering at Meta
Engineering at Meta
www.infosecurity-magazine.com
www.infosecurity-magazine.com
Microsoft Azure Blog
Microsoft Azure Blog
Apple Machine Learning Research
Apple Machine Learning Research
Application and Cybersecurity Blog
Application and Cybersecurity Blog
H
Help Net Security
T
The Exploit Database - CXSecurity.com
N
News and Events Feed by Topic
酷 壳 – CoolShell
酷 壳 – CoolShell
V
V2EX
爱范儿
爱范儿
TaoSecurity Blog
TaoSecurity Blog
Vercel News
Vercel News
博客园 - 聂微东
G
GRAHAM CLULEY
博客园 - 三生石上(FineUI控件)
Hacker News: Ask HN
Hacker News: Ask HN
SecWiki News
SecWiki News
A
Arctic Wolf
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
L
Lohrmann on Cybersecurity
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
H
Hackread – Cybersecurity News, Data Breaches, AI and More
PCI Perspectives
PCI Perspectives

Fortinet All Blogs

The TTF Trap: A Global Campaign of a Low-Detection Lua Loader | FortiGuard Labs Helping Law Enforcement Keep Pace with the Future of Cybercrime | Fortinet Blog FortiEndpoint Expands Security for the AI Era | Fortinet Blog Cyber Attacks Leveraging AI Require Behavior-First Security Training, Not Simply Better Awareness | Fortinet Blog The AI Era Needs a New SASE. Here’s What That Actually Looks Like. | Fortinet Blog Analysis of Ongoing Ousaban Attacks Targeting the Iberian Peninsula | FortiGuard Labs Update on Fortinet Use of Frontier AI | CISO Collective Fortinet Supports INTERPOL Operation CyberProtect III Targeting Online Exploitation From CI/CD to Cloud Data: How Shai Hulud Persistence Leads to Redshift Breach | FortiGuard Labs Fortinet Launches Its Product Carbon Footprint Calculator FortiSASE Training Builds Skills for Secure Access Success | Fortinet Blog Analysis of Reported Credential Compromise of FortiGate Devices | Fortinet Blog Teaching Cybersecurity the Way It’s Actually Used | Fortinet Blog Introducing FortiSOC: One Platform, Total Control | Fortinet Blog Public-Private Cooperation Is Critical to AI-Driven Cyber Defense | Fortinet Advancing Threat-Informed Defense through Fortinet’s Collaboration with MITRE CTID | Fortinet Threat Actors Weaponize AI Hype to Deliver AsyncRAT | FortiGuard Labs Fortinet Achieves 1 Million People Trained in Cybersecurity Goal Ahead of Schedule | Fortinet Blog While OT Security Is Maturing, Risk Is Not Slowing Down | Fortinet Blog AI Policy Meets Operational Reality: White House AI Cybersecurity Order Calls for Public-Private Coordination | Fortinet Blog Executive Q&A: Strong Q1 Momentum Driven by Differentiated Innovation and Customer Demand | Fortinet Fortinet Earns AV-Comparatives Certification for EDR Detection Visibility | Fortinet Blog Cybercriminals Are Targeting the FIFA World Cup 2026 | FortiGuard Labs Fortinet Achieves AV-Comparatives Certification for Process Injection Protection | Fortinet Blog Inside the Cross-Platform Propagation of a New Gafgyt Variant C0XMO | FortiGuard Labs Battling AI-Based Threats with FortiNDR | Fortinet Blog Phishing Campaign Deploys JavaScript-Driven PureLogs Variant to Steal Sensitive Data Defending Critical Infrastructure: Why OT Security Demands a Threat-Informed Approach | CISO Collective Misconfigured, Enrolled and Dormant: Anatomy of a P2Pinfect Kubernetes Compromise | FortiGuard Labs Fortinet Expands Cybersecurity Investment in the United Arab Emirates | Fortinet Blog PureLogs: Delivery via PawsRunner Steganography | FortiGuard Labs The Future of Connectivity | Fortinet Blog Fortinet at the World Economic Forum: Frontier AI models, AI-Driven Threats, Deepfakes, and the Future of Cyber Defense | Fortinet Blog The Fortinet 2025 Sustainability Report | Fortinet Blog Supercharged Security: Security in the Time of Mythos | CISO Collective Tracking Mirai Variant Nexcorium: A Vulnerability-Driven IoT Botnet Campaign | FortiGuard Labs AI Security Is an Architectural Decision | Fortinet Blog Fortinet Training Institute Wins Industry Accolades | Fortinet Blog Shadow AI: The Invisible Risk Growing Inside Your Organization | Fortinet Blog Leading by Example in Sustainability: Fortinet Expands Global EPD Certification | Fortinet Blog When Cybercrime Becomes an Industry | Fortinet Blog FortiOS 8.0: Redefining Secure Networking in the AI and Quantum Era | Fortinet Blog Why the 2026 AI Cybersecurity Summit Matters | Fortinet Blog DPRK-Related Campaigns with LNK and GitHub C2 | FortiGuard Labs AI Is Changing Application Threats Faster Than Teams Can Adapt | Fortinet Blog Announcing the Fortinet Training Institute’s 2026 ATC Award Winners | Fortinet Blog Disrupting Cybercrime Networks at Scale Requires Sustained Global Collaboration | Fortinet Blog
Securing the Physical World as It Comes Online | Fortinet Blog
2026-04-03 · via Fortinet All Blogs

For decades, operational technology (OT) quietly powered the physical systems societies rely on every day, from energy generation and manufacturing to transport and defense. Those systems were largely isolated, designed for reliability and safety rather than connectivity. That isolation is disappearing.

In the fifth episode of season 2 of Brass Tacks: Talking Cybersecurity podcast, we examine why OT has become a central cybersecurity concern. Host Joe Robertson speaks with Hossain Alshedoki, Partner at KPMG Middle East and Global Lead for OT and IoT, about why critical industries are increasingly exposed to cyberattacks and what leaders must do as IT and OT environments converge.

Why OT Is “New” to Being Online

Unlike enterprise IT, OT systems were never designed to be connected to the outside world.

OT controls critical physical processes. Valves, turbines, assembly lines, electrical grids, and industrial machinery are managed through systems that prioritize availability and safety above all else. Minor changes in the environment can spell disaster. As a result, for much of their history, these systems operated in closed environments, with limited exposure to external networks.

That model, however, is changing. Digital transformation, automation, and data-driven decision-making are pushing OT systems to connect with corporate IT environments. As a result, OT is now facing cyber risks that IT has spent decades learning to manage.

Controlling the Physical vs. the Virtual

A central theme of the episode’s discussion is the fundamental difference between IT and OT.

IT governs virtual processes, data, applications, and business workflows. OT governs physical reality. When something goes wrong in IT, systems may be shut down to prevent data loss. When something goes wrong in OT, the consequences of system shutdowns can include physical damage to the connected devices, environmental harm, or even risk to human life.

That critical distinction fundamentally changes how cyber risk must be understood and dealt with. OT security failures are not just business disruptions. They can become physical safety incidents.

Understanding the OT Landscape

Alshedoki helps demystify the OT environment by breaking it into its core building blocks.

Industrial control systems (ICS) form the overarching environment that manages operational processes. Within that environment, technologies such as supervisory control and data acquisition (SCADA) systems, programmable logic controllers (PLCs), and distributed control systems (DCS) execute logic and coordinate physical actions. Increasingly, these environments are evolving into cyber-physical systems, where computing, networking, and physical processes are tightly integrated.

As connectivity grows, so does complexity. To complicate matters further, many organizations are still developing a shared vocabulary between IT and OT teams—especially since they often have different priorities—which can slow progress and increase risk.

IT/OT Convergence Is Accelerating, But It’s Not New

The idea of IT and OT convergence is often treated as a recent development, but Alshedoki pushes back on that framing. Elements of convergence have existed for years. What has changed is the scale and intent. Organizations now want data to flow from the factory floor to the boardroom, enabling analytics, automation, and better decision-making across the business.

This requires new architectures. Traditional OT models, often structured around hierarchical frameworks such as the Purdue Model, were not designed for the flat, interconnected architectures common in IT. As a result, simply merging networks is not enough. Convergence must be deliberate, secure, and aligned with how both environments actually operate. And that takes time, planning, and expertise that many organizations lack.

Culture Is the Hardest Part

Technology is only part of the challenge. Historically, OT engineers focused on uptime, safety, and performance, while IT security teams focused on the confidentiality, integrity, and availability of data. As responsibility for cyber resilience expands across the organization, those worlds are colliding.

Alshedoki describes this primarily as a cultural issue. CISOs are increasingly accountable for cyber risk across the enterprise, often without visibility into OT environments. At the same time, OT teams may view security controls as potential threats to operational stability.

Bridging that gap requires trust, shared understanding, and collaboration, not just new tools. That requires a shift in culture.

Visibility Comes Before Automation

One of the clearest lessons from the episode is practical. Before organizations automate controls or apply advanced governance frameworks, they need visibility. The challenge is that many OT environments lack accurate asset inventories or vulnerability insight. In some cases, simply monitoring the network reveals connected devices that were previously unknown.

Without that foundational understanding, automation can generate misleading data or even disrupt operations. Knowing what assets exist, how they communicate, and where risks lie is a prerequisite for meaningful security.

Extending IT Capabilities into OT—Carefully

Alshedoki shares examples of organizations that have made progress by extending proven IT security capabilities into OT environments in a measured way.

This includes adapting anomaly detection, governance processes, and resilience planning to OT realities, while respecting operational constraints. Success depends on people and process as much as technology, including cross-training, secondment programs, and shared ownership of risk. The result is not instant transformation, but incremental improvement in resilience and visibility.

Resilience Is the Goal

The conversation concludes with a focus on outcomes rather than tools. As OT systems become more connected, leaders must balance security, safety, and operational continuity. The goal is not to replicate IT security models wholesale, but to build environments that are agile, resilient, and able to evolve as technology changes.

Culture, Alshedoki emphasizes, is the umbrella that covers the entire transition. When IT and OT teams understand each other’s priorities and constraints, organizations are far better positioned to secure the physical systems their societies depend on.

About Brass Tacks: Talking Cybersecurity

Brass Tacks: Talking Cybersecurity is Fortinet’s podcast series focused on the real-world risks shaping today’s digital landscape. In season 2, the series expands its lens beyond technology and business to examine cybersecurity as a societal challenge—one that touches governments, critical infrastructure, public services, and everyday life.

Each episode features conversations with experts from policy, academia, and industry, offering practical insight into how organizations and societies can strengthen resilience, manage risk, and respond to an evolving threat environment.

You can watch Brass Tacks episodes on Fortinet TV and YouTube, or listen on your preferred podcast platform under the Fortinet Cybersecurity Podcast channel.