Sign up to save your podcasts
Or
Share Is Your IIoT Strategy Creating More Security Risks?
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Is Your IIoT Strategy Creating More Security Risks?
Craig and Dino address one of the most overlooked problems in OT security: the IIoT devices your security tools don't automatically detect.
Most OT intrusion detection platforms do a reasonable job of identifying core control-layer assets such as PLCs, drives, and motor control centers. The problem is everything else. Laptops plugged into the network, third-party devices brought in by contractors, and a growing range of connected IIoT equipment often go completely undetected. Those are the gaps where risk accumulates.
Craig and Dino explain why the belief that machines are air-gapped is a dangerous myth, how PLCs acting as gateways prevent intrusion detection platforms from seeing the devices behind them, and why an asset inventory is not the same as knowing your real risk and CVE exposure in multi-vendor environments.
They reframe OT cybersecurity as a process-integrity problem and show how unmanaged network activity, third-party remote access, and even routine IT security scans can quietly degrade OEE and trigger unplanned downtime that costs millions.
Using predictive-maintenance analogies such as thermal, harmonics, and vibration sensing, they make the case for treating digital anomalies the same way mature plants already treat mechanical ones.
They close by examining why so many OT detection tools become shelfware, how to escape alert fatigue, and the two practical paths to real IT/OT convergence: building the right relationships with OEMs, system integrators, and AEC partners, and designing security-ready facilities from the ground up.
It's a practical listen for CISOs, plant and engineering leaders, and OT/IT teams responsible for securing manufacturing and critical infrastructure.
Chapters:
- (00:00:00) - Why No Industrial Asset Is Truly Air-Gapped
- (00:01:08) - IoT vs. IIoT: How OT Assets Get Classified
- (00:03:15) - The Control-Layer Blind Spot: Drives, Robots, and Motor Controls
- (00:05:25) - How PLC Gateways Hide Assets From Intrusion Detection
- (00:07:30) - Asset Inventory Isn't Risk: The CVE Gap in Multi-Vendor Plants
- (00:08:55) - When Cyber Blind Spots Become Costly Downtime
- (00:10:05) - Process Integrity: How Security Scans Disrupt Production
- (00:11:35) - Predictive Maintenance Meets Digital Anomaly Detection
- (00:17:45) - Avoiding OT Shelfware and Alert Fatigue
- (00:19:45) - IT/OT Convergence: Choosing a Partner and Building Secure-by-Design
Links And Resources:
- Want to Sponsor an episode or be a Guest? Reach out here.
- Industrial Cybersecurity Insider on LinkedIn
- Cybersecurity & Digital Safety on LinkedIn
- BW Design Group Cybersecurity
- Dino Busalachi on LinkedIn
- Craig Duckworth on LinkedIn
Thanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!
View all episodes
By Industrial Cybersecurity InsiderCraig and Dino address one of the most overlooked problems in OT security: the IIoT devices your security tools don't automatically detect.
Most OT intrusion detection platforms do a reasonable job of identifying core control-layer assets such as PLCs, drives, and motor control centers. The problem is everything else. Laptops plugged into the network, third-party devices brought in by contractors, and a growing range of connected IIoT equipment often go completely undetected. Those are the gaps where risk accumulates.
Craig and Dino explain why the belief that machines are air-gapped is a dangerous myth, how PLCs acting as gateways prevent intrusion detection platforms from seeing the devices behind them, and why an asset inventory is not the same as knowing your real risk and CVE exposure in multi-vendor environments.
They reframe OT cybersecurity as a process-integrity problem and show how unmanaged network activity, third-party remote access, and even routine IT security scans can quietly degrade OEE and trigger unplanned downtime that costs millions.
Using predictive-maintenance analogies such as thermal, harmonics, and vibration sensing, they make the case for treating digital anomalies the same way mature plants already treat mechanical ones.
They close by examining why so many OT detection tools become shelfware, how to escape alert fatigue, and the two practical paths to real IT/OT convergence: building the right relationships with OEMs, system integrators, and AEC partners, and designing security-ready facilities from the ground up.
It's a practical listen for CISOs, plant and engineering leaders, and OT/IT teams responsible for securing manufacturing and critical infrastructure.
Chapters:
- (00:00:00) - Why No Industrial Asset Is Truly Air-Gapped
- (00:01:08) - IoT vs. IIoT: How OT Assets Get Classified
- (00:03:15) - The Control-Layer Blind Spot: Drives, Robots, and Motor Controls
- (00:05:25) - How PLC Gateways Hide Assets From Intrusion Detection
- (00:07:30) - Asset Inventory Isn't Risk: The CVE Gap in Multi-Vendor Plants
- (00:08:55) - When Cyber Blind Spots Become Costly Downtime
- (00:10:05) - Process Integrity: How Security Scans Disrupt Production
- (00:11:35) - Predictive Maintenance Meets Digital Anomaly Detection
- (00:17:45) - Avoiding OT Shelfware and Alert Fatigue
- (00:19:45) - IT/OT Convergence: Choosing a Partner and Building Secure-by-Design
Links And Resources:
- Want to Sponsor an episode or be a Guest? Reach out here.
- Industrial Cybersecurity Insider on LinkedIn
- Cybersecurity & Digital Safety on LinkedIn
- BW Design Group Cybersecurity
- Dino Busalachi on LinkedIn
- Craig Duckworth on LinkedIn
Thanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!