Home > Research > Publications & Outputs > Learning to Walk

Electronic data

Text available via DOI:

View graph of relations

Learning to Walk: Towards Assessing the Maturity of OT Security Control Standards and Guidelines

Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSNConference contribution/Paperpeer-review

Publication date24/07/2023
Host publication2023 IFIP Networking Conference (IFIP Networking)
Number of pages6
ISBN (Electronic)9783903176577
<mark>Original language</mark>English


The convergence of IT and OT has presented OT environments with several challenges, such as increasing the attack surface of its real time systems to include more commonplace enterprise vulnerabilities. As OT is used across heavily regulated sectors, including water and nuclear, many standards and guidelines are available to these sectors, providing them with assistance towards continued improvements from a cyber security perspective. However, these standards and guidelines are not always as mature as their IT counterparts. This paper proposes a model to benchmark the maturity of OT focused standards and guidelines, which we then use to analyse seven commonly adopted resources. Based on this analysis, we find that these OT standards and guidelines do not always provide in-depth implementation guidance, and often refer instead to IT standards and guidelines for more information. Improvements are urgently needed in security and risk mitigation for interconnected OT and IT systems, as security controls in OT are typically re-appropriated IT controls. To help achieve this goal, OT standards must mature further.