Operational Technology (OT) no longer resembles the isolated environments of the past. It is increasingly connected, automated, and complex. Yet too often, security approaches remain rooted in legacy assumptions that no longer reflect today’s network architectures or threat landscape.

In this talk, the NCSC will present evidence demonstrating that connected OT environments are already being actively exploited. Drawing on real world case studies, we will explore how and why adversaries attack modern OT systems and why existing security models are insufficient. The session will also examine how recent NCSC guidance supports the adoption of secure, scalable solutions that better protect against persistent threats.

Attendees will leave with:

• Pragmatic approaches to enabling necessary connectivity securely, avoiding bespoke solutions for each new connection.
• A clear understanding of why Privileged Access Workstations (PAWs) matter more than ever, and how these concepts can be effectively applied within OT environments.
• A forward looking vision that encourages operators to demand stronger security from vendors and integrators, raises the baseline across the supply chain, and creates space for innovation rather than repetition of legacy practices. The threats are already here. The old rules will not save us.