
Jori VanAntwerp
For over two decades, Jori has enabled industrial and IT organizations to be successful in reducing risk, increasing compliance, and improving their overall security efforts. He has had the pleasure of working with companies such as Gravwell, Dragos, CrowdStrike, FireEye, McAfee, and is now CEO & Founder at EmberOT, a cybersecurity startup focused on making security a reality for critical infrastructure.
It’s a new year, which means many of us are hitting the gym with new workout routines. But have you thought about leveling up your OT cybersecurity fitness regime? Just like your physical fitness, maintaining peak OT security requires consistency and strength. 💪
Starting a new fitness routine is exciting… until you’re sore the next day.
OT cybersecurity can feel the same way. You know operational technology security is critical to your organization. You know industrial cybersecurity threats are increasing across critical infrastructure, manufacturing, energy, and utilities. But the idea of improving OT security (without disrupting uptime or impacting safety) can feel overwhelming, especially for smaller organizations.
Here’s the good news: like physical fitness, a robust and secure OT environment is built through consistent, manageable habits that compound over time. Strong ICS security comes from routine, discipline, and smart prioritization, not from a single heroic overhaul.
Think of this as your OT cybersecurity workout plan and EmberOT as your personal trainer, with practical guidance and the equipment you need to maintain your OT security.
The Warmup: Asset Visibility
Before any workout, you warm up. In OT, your warm-up is asset visibility, one of the most critical foundations of industrial security.
Start by understanding:
- What OT and ICS assets are in your environment
- What your asset and network baselines look like
- How OT networks connect to IT systems, vendors, and remote access pathways
- What sits at the OT edge. Mind it! Don’t forget your sensors, cameras, switches, and gateways
Asset discovery is a cornerstone of industrial cybersecurity and critical infrastructure protection. It doesn’t need to be perfect to be valuable. Even partial visibility improves risk management and reduces blind spots, just like loosening up before lifting heavier weights.
This is where regular risk assessments come in handy: they force operators to revisit asset and network visibility as a matter of course.
Maintain Good Form: Identity Access Management
In the gym, poor form leads to injury. In OT environments, weak access controls lead to cyber incidents, downtime, and safety risks.
Strong OT cybersecurity fundamentals rely on disciplined identity and access management:
- Restricting OT system access to only those who truly need it
- Separating IT and OT access wherever possible
- Regularly reviewing and removing stale credentials
Access control is like core strength for OT security, and can be particularly challenging for electrical cooperatives. Think of IAM like planks: unglamorous, but effective and essential.
Progressive Overload: Focused and Mindful Patching and Updating
You wouldn’t jump from lifting five pounds to fifty overnight (at least, you shouldn’t). The same principle applies to patching and vulnerability management in OT cybersecurity.
Industrial control systems often have strict uptime and stability requirements, but avoiding updates altogether creates long-term OT security risk. Instead:
- Test patches in staging or lab environments
- Prioritize vulnerabilities based on operational risk and exploitability
- Document compensating controls when patching isn’t immediately possible
It’s also important to keep in mind that while IT also requires targeted patching, IT best practices don’t always translate well to OT environments.
Cardio Counts: Monitor, Detect, Respond
Cardio keeps your whole system running. In OT cybersecurity, that role is filled by continuous monitoring and detection.
You don’t need to sprint. You need the steady pace of internal network security monitoring (INSM) specific to OT environments:
- Monitor OT network traffic – including east-west traffic – for abnormal behavior
- Ensure alerts are actionable and reach the right teams
- Remember, SCADA systems are an integral part of network security monitoring, too
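An added example, not code from the post or from EmberOT, tying the warm-up (asset and network baselines) to the cardio section (watching east-west traffic for abnormal behavior): it builds a baseline of assets and conversations from constructed, known-good OT flow records, then flags a later capture's never-seen host and a fresh PLC-to-PLC path between two already-inventoried assets. All addresses are constructed sample values.

```python
# Added example, not EmberOT's code: build an asset/conversation baseline from
# known-good OT flow records, then flag deviations in a later capture.
# Flow tuples are (src_ip, dst_ip, dst_port); every address is constructed.

# Constructed baseline window: an HMI and an engineering workstation talking
# to PLCs, plus a jump host reaching the HMI. 502 is Modbus/TCP, 44818 is
# EtherNet/IP, 3389 is RDP.
BASELINE_FLOWS = [
    ("10.10.1.5", "10.10.2.20", 502),
    ("10.10.1.5", "10.10.2.21", 502),
    ("10.10.1.10", "10.10.2.20", 44818),
    ("10.10.3.2", "10.10.1.5", 3389),
]

# Constructed later capture: two expected flows, one PLC-to-PLC (east-west)
# conversation never seen before, and one host absent from the baseline.
OBSERVED_FLOWS = [
    ("10.10.1.5", "10.10.2.20", 502),
    ("10.10.1.5", "10.10.2.21", 502),
    ("10.10.2.20", "10.10.2.21", 502),
    ("10.10.9.77", "10.10.2.20", 502),
]


def build_baseline(flows):
    """Return (known_assets, known_conversations) from known-good flows."""
    assets, conversations = set(), set()
    for src, dst, port in flows:
        assets.update((src, dst))
        conversations.add((src, dst, port))
    return assets, conversations


def find_deviations(baseline_flows, observed_flows):
    """Flag each observed flow that is not in the baseline.

    'new_asset': at least one endpoint was never inventoried.
    'new_conversation': both endpoints are known but never spoke on this
    port, e.g. a fresh east-west path between two PLCs.
    """
    assets, conversations = build_baseline(baseline_flows)
    findings = []
    for src, dst, port in observed_flows:
        if (src, dst, port) in conversations:
            continue  # expected traffic, nothing to report
        unknown = sorted(h for h in (src, dst) if h not in assets)
        kind = "new_asset" if unknown else "new_conversation"
        findings.append({"kind": kind, "src": src, "dst": dst,
                         "port": port, "unknown_hosts": unknown})
    return findings
```

Running `find_deviations(BASELINE_FLOWS, OBSERVED_FLOWS)` yields two findings: the PLC-to-PLC Modbus conversation and the uninventoried host 10.10.9.77; feeding the baseline back in yields none.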
Train Smarter, Not Harder
The biggest mistake organizations make in OT cybersecurity (and when we’re hitting the gym in the new year) is trying to do everything at once.
You don’t need perfect industrial cybersecurity on day one. You need consistency:
- Regular OT security assessments
- Incremental improvements to controls and visibility
- Clear ownership for OT cybersecurity responsibilities
Consistent habits outperform intense, one-time efforts. That’s how sustainable operational technology security is built.
That Satisfying After-Workout Smoothie
Creating regular processes around your OT cybersecurity will also make “big” events – such as downtime, a breach, or a NERC CIP audit – easier to handle, just as building cardio endurance in regular workout sessions is what lets you run a marathon.
These processes don’t have to be built from scratch, either. Whether adapting the Purdue Model to work with specific environments or using a NIST compliance checklist, the framework for a secure and operational environment already exists.
EmberOT understands that OT cybersecurity should strengthen operations, not slow them down. Like a well-designed fitness program, effective OT security meets organizations where they are, respects operational constraints, and builds long-term resilience.
As with getting into a workout routine, the most important step in developing a mature industrial security program is showing up and building habits that last.
No burpees required.
~Jori 🤘🔥
