ICS Security is the domain I came up through during a long stretch of my career, and the one I still think about most carefully because the consequence model is different. Bad outcomes in OT systems can mean things break in the physical world.

A few perspective points from a long career in this space:

The threat model has shifted, but the asset model hasn't kept up. Industrial control systems were designed assuming network trust, physical-perimeter defense, and decade-long device lifecycles. None of those assumptions hold in any modern environment, but the device fleet still reflects them. Most OT security work in practice is about closing the gap between the assumption and the reality, not about deploying a new product.

ICS protocols are mostly still cleartext. Modbus, DNP3, ICCP — none of these were designed with confidentiality or strong authentication as a primary concern, and the bolt-on solutions (DNP3 Secure Authentication, IEC 62351) have arrived slowly and unevenly. Anyone who thinks a network capture inside a substation is uninteresting hasn't done one. The right architectural response is layered: segment ruthlessly, monitor for protocol anomalies, treat every flat OT network as a future incident.
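As an added illustration (not code from the original post) of how little Modbus/TCP hides on the wire, and of the protocol-anomaly monitoring suggested above: a small parser that decodes constructed Modbus/TCP request frames and flags write function codes coming from any host outside an assumed allowlist of engineering/HMI stations. The sample frames and IP addresses are constructed for this example.

```python
import struct
from typing import List, Optional, Set, Tuple

# Public Modbus function codes (Modbus application protocol spec).
# Writes change process state, so they are the ones worth watching closely.
WRITE_FUNCTIONS = {0x05: "Write Single Coil", 0x06: "Write Single Register",
                   0x0F: "Write Multiple Coils", 0x10: "Write Multiple Registers"}


def parse_modbus_tcp(frame: bytes) -> dict:
    """Decode a Modbus/TCP request: 7-byte MBAP header, then the PDU.

    MBAP = transaction id (2), protocol id (2, always 0), length (2, bytes
    that follow, unit id included), unit id (1). Everything is cleartext.
    """
    if len(frame) < 8:
        raise ValueError("frame too short for MBAP header plus function code")
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        raise ValueError(f"unexpected protocol id {proto}")
    if length != len(frame) - 6:
        raise ValueError(f"length field {length} != {len(frame) - 6} bytes present")
    fc, data = frame[7], frame[8:]
    # Every public read/write request carries a 16-bit starting address first.
    address: Optional[int] = struct.unpack(">H", data[:2])[0] if len(data) >= 2 else None
    return {"tid": tid, "unit": unit, "fc": fc, "address": address, "data": data}


def scan_traffic(traffic: List[Tuple[str, bytes]], allowed_writers: Set[str]) -> List[str]:
    """One alert per write from a non-allowlisted source, and per malformed frame."""
    alerts = []
    for src_ip, frame in traffic:
        try:
            req = parse_modbus_tcp(frame)
        except ValueError as err:
            alerts.append(f"MALFORMED from {src_ip}: {err}")
            continue
        if req["fc"] in WRITE_FUNCTIONS and src_ip not in allowed_writers:
            alerts.append(f"WRITE from {src_ip} to unit {req['unit']}: "
                          f"{WRITE_FUNCTIONS[req['fc']]} at address {req['address']}")
    return alerts


# Constructed sample: one assumed HMI may write; a second host issues a coil write.
ALLOWED_WRITERS = {"10.0.1.5"}
SAMPLE_TRAFFIC = [
    ("10.0.1.5", bytes.fromhex("00010000000601030000000a")),   # read 10 holding registers
    ("10.0.1.5", bytes.fromhex("000200000006010600101234")),   # write register 0x10 (allowed)
    ("10.0.1.77", bytes.fromhex("00030000000601050001ff00")),  # write coil 1 ON (not allowed)
    ("10.0.1.77", bytes.fromhex("000400010006010300000001")),  # protocol id 1: malformed
]

if __name__ == "__main__":
    for alert in scan_traffic(SAMPLE_TRAFFIC, ALLOWED_WRITERS):
        print(alert)
```

In a real deployment the allowlist would come from the asset inventory and the frames from a passive tap or span port on the OT segment; the parser logic stays the same.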

Stuxnet is still the most useful case study. Not because the specific technique is current, but because it demonstrated, definitively, that physical-process logic could be the target of a cyber operation. Everything since — Industroyer, the Ukraine grid incidents, Triton — extends rather than contradicts that lesson.

Zero Trust applied to OT is mostly the right direction, with caveats. Identity-aware, continuously verified access models are a better fit for industrial environments than perimeter models, but the operational tempo (you cannot interrupt a process for a re-auth challenge) and the device population (a lot of equipment cannot speak modern auth protocols) constrain what's actually deployable. Most successful programs I've seen take a "Zero Trust where possible, defense-in-depth everywhere else" posture rather than treating it as an absolute.

NERC CIP is industry infrastructure, not just a compliance regime. It's flawed in specific places, late in some others, and an enormous net positive overall. The bulk-power-system security posture in North America is materially better because of it. That's worth saying out loud in an industry that often treats compliance as something to be endured.

Posts under this section will mostly be industry-perspective writing: OT/IT convergence, ICS protocol patterns, threat-model evolution, and selected reflections on standards and practice.


Recent posts

When OT Started Speaking IT: A Decade of Convergence

What ten years of OT/IT convergence has actually delivered, from the perspective of someone who came up through the NERC CIP v5 transition and the first generation of Smart Grid pilots.

May 8, 2025