Discussion by members of the ICS Village consortium about the design and launch of the CIISAp apprenticeship program that links rigorous academic classes and educational training with real-world job rotations at leading industrial companies to help students identify and prevent cyber vulnerabilities and attacks on industrial control systems (ICS) and operational technologies (OT).

Amidst the escalating ransomware and cyber threats, this talk presents a field-tested and proven three-step process developed by Jonathan Pollet and Red Tiger Security to empower senior leadership with clarity regarding OT gaps and connect gaps to an actionable remediation strategy. The process yields a Strategic Roadmap and a multi-year plan for deploying missing technology solutions, updating processes and procedures, and elevating workforce knowledge to mature the OT cybersecurity program, including a budgetary cost estimate with traceability to help secure funding.

Jonathan Pollet and Red Tiger Security present a field-tested three-step process to empower senior leadership to identify gaps in OT security and connect the gaps to an actionable remediation plan. The process yields a Strategic Roadmap with a multi-year plan for deploying missing technology solutions, updating processes, and elevating workforce cybersecurity maturity, along with a budget estimate to secure funding for necessary investments. Drawing on years of hands-on experience across critical infrastructure environments, the talk shares practical techniques and stories from implementing this methodology.

This session explains why ICS/OT-directed ransomware is not likely to happen and covers IT and OT–related cyber incidents, helping attendees understand potential impacts on industrial processes and how to select cost-effective cyber defense solutions to ensure facility operating safety, reliability, and performance (SRP).

This episode examines how a user checking personal email on an application host in a commercial building could compromise the building’s HVAC, central plant equipment and controllers. It discusses how downstream devices are at risk and how attackers with knowledge of building control systems may exploit interoperability. The talk walks through the events in order and the remediation steps, and what actions may have inflamed attackers rather than stopped them.