A Message From the Editor: Tools for More Secure, Resilient OT Environments

As digital transformation breaks down the walls between operational technology (OT) and information technology (IT) systems in pursuit of innovation and efficiency, new cybersecurity threats can emerge. That means it’s never been more important to cross-train OT and IT security teams and build a solid threat assessment, mitigation and response plan. This summer, the International Society of Automation expanded the resources available to meet those needs.

The two-day 2025 ISA OT Cybersecurity Summit in Brussels, Belgium, delivered multiple sessions across two tracks—threat intelligence and securing the supply chain—to educate professionals focused on OT cybersecurity for industry and critical infrastructure.

Keynote speaker John Fitzpatrick, founder of Lab539, discussed how zero-day vulnerabilities can be leveraged, explained why patching may not always be the solution, and explored security testing within OT networks. He also explained how enhancing detection capabilities can ensure resilience.

Fitzpatrick said so-called “insecure” systems often pose minimal risk in OT contexts. “By relying on OT’s established strategies, we can effectively protect critical infrastructure from modern threats while maintaining the core principles that define OT security,” he explained. He spoke about “trusting OT’s path to cybersecurity” while he shared firsthand lessons from his experience defending fuel terminals and other assets against cyber threats.

In another session, ISASecure Program Manager Dr. Mark DeAngelo provided early details on a new ISA initiative: the ISASecure Industrial Automation Control System Security Assurance (ACSSA) inspection and certification scheme. This new program will offer a common, industry-vetted method for evaluating the conformity of an industrial automation and control system to the ISA/IEC 62443 series of standards.

ACSSA evaluates conformity to ISA/IEC 62443-2-1, 2-4, 3-2 and 3-3 requirements by verifying processes, procedures, support from service providers, and the configuration and utilization of control systems capabilities. It was created to help bridge lingering gaps in operational site assurance.

“Despite the comprehensive nature of ISASecure and cybersecurity expert programs, asset owners have relied on a patchwork of internal policies and third-party audits that vary across sites, leading to inconsistent security postures, compliance gaps, increased risk exposure, increased liability and regulatory non-compliance,” said DeAngelo.

ACSSA aligns all stakeholders—asset owners, insurance providers, product suppliers, service providers, conformity assessment bodies and government bodies—around a consistent, standards-based program to help create a more secure and resilient environment.
 
The first three-day training course for ACSSA will be available in early fall 2025 at ISA headquarters in Durham, North Carolina. An online version of the course will be offered in late 2025.

This column appeared in the June/July issue of Automation.com Monthly.

About The Author


Renee Bassett is chief editor for Automation.com Monthly digital magazine and other International Society of Automation publications, including Automation.com. Bassett is an experienced writer, editor and project manager for industrial automation, engineering, information technology and infrastructure publications. She has a bachelor's degree in journalism from Indiana University, Bloomington, and is based in Nashville.
