Operational technology (OT) security is no longer a niche concern—it’s front and center in today’s cyber conversations. At Black Hat this year, OT had a real moment, signaling that protecting critical infrastructure has finally caught the broader security community’s attention. Rick Kaun, global director of cybersecurity services at Rockwell Automation, unpacks what makes OT security so different—and why “think global, act local” is more than a catchphrase.

Kahn traces his 25-year journey through the evolution of OT security, noting how IT-style controls don’t simply map onto industrial systems. A misconfigured patch or a routine reboot might be an inconvenience in IT, but in OT it can mean multimillion-dollar outages—or worse, safety risks. Unlike IT, OT environments run on decades-old equipment tied directly to physical processes, from pipelines to medical devices, where uptime and safety are paramount.

Security has to be embedded into the very culture of manufacturing, much like safety systems. That means moving past one-off fixes and focusing on contextual data—understanding not just what vulnerabilities exist, but where they sit, how critical the affected assets are, and what protections are already in place. With that lens, organizations can prioritize risks, streamline responses, and build global strategies that adapt to local realities.

The payoff is significant. Companies embracing this model are seeing major efficiency gains—turning what once took days of manual effort into hours—while giving boards and insurers the assurance that resiliency isn’t just an aspiration, but a measurable outcome.

For manufacturers and critical infrastructure operators, the message is clear: Cybersecurity isn’t just about defense. It’s about keeping the systems that keep society running safe, reliable, and resilient.