An Engineer’s View: Operational Technology

Introducing yet another way to think and communicate the ideas behind Operational Technology

Introduction

My name is Liz James, and I am a Cybersecurity Consultant with 5 years of experience. I hold an Engineering Doctorate (EngD) from Warwick University, preceded by an undergraduate degree in Experimental Physics (MPhys) from Swansea University. My journey into cybersecurity has been anything but traditional, blending disciplines and perspectives that often give me a unique edge in addressing complex challenges.

The customers I collaborate with are predominantly organizations whose products and services are engineered across diverse technical disciplines and cater to markets regulated by governmental or regional authorities. This intersection of engineering, regulation, and cybersecurity has been the core of my professional focus.

Operations Technology (OT)is defined by the International Society of Automation (ISA) and National Cyber Security Centre (NCSC), as hardware and software that detects or causes a change through the direct monitoring and control of physical devices, processes, and events.

While this definition is clear and aligns with at least one aspect of the rest of this post I have found it struggle to convey impact to leadership, I hope today that I can impart some of my insight into the often poorly communicated aspect of Operational Technology.

Cyber-Physical Axis

As systems increasingly integrate physical and cyber components, the line between traditional engineering domains and digital domains becomes blurred. This evolution calls for individuals with a unique blend of skills, combining expertise from Functional Safety, Safety of the Intended Function (SOTIF), and Cybersecurity through the lens of sector specific challenges, threats and best-practice. These skills go beyond the traditional IT or engineering specializations, requiring professionals to navigate the complexities of interconnected systems where a single failure can have cascading effects across both the physical and digital realms.

While traditional safety disciplines have historically focused on minimizing physical hazards and ensuring reliability, the addition of cybersecurity introduces a dynamic layer of complexity. Systems now face threats that are intentional and adaptive, necessitating proactive and integrated risk management strategies.

Impact on the Business – Degradation in Quality of Service

Cybersecurity is not just about protecting assets; it is fundamentally about ensuring business continuity, operational efficiency, and customer trust. For businesses that rely heavily on specific systems to perform primary functions or generate revenue, any disruption to these systems can have severe and immediate consequences. The impact is not merely technical—it can extend to revenue loss, reputational damage, regulatory repercussions and in some-cases loss of life.

A common approach in Threat Modelling and Vulnerability Assessment through Design Review, particularly when using frameworks like STRIDE (Spoofing, Tampering, Repudiation, Information disclosure, Denial of Service, Elevation of Privilege), is to treat a Denial of Service (DoS)—as a violation of the security property of Availability—as a binary state: either the system is operational, or it is not. While this simplification is helpful in analysis, it often overlooks an important nuance: most businesses have some level of business continuity protection. For instance, critical functions may fall back to manual processes, such as reverting to paper-based workflows or activating secondary systems.

However, these fallback mechanisms are rarely seamless and often come with their own limitations, such as increased operational costs, slower performance, or reduced customer satisfaction. For example:

E-commerce platforms may switch to offline order-taking, but this can lead to delays in order fulfilment.

Manufacturing operations might temporarily halt automated processes, leading to reduced output and increased labour requirements.

Healthcare providers may resort to manual records, risking data inaccuracies, delays, and reductions in quality of patient care.

It is essential to consider partial service degradations rather than simply assuming a system will be entirely functional or entirely unavailable. This perspective allows for a more realistic and nuanced understanding of risk, enabling organizations to prioritize controls and contingencies that minimize the likelihood and impact of service degradation.

Ultimately, addressing Availability as a spectrum rather than a binary outcome helps businesses build more resilient operations and ensures that disruptions, when they occur, are manageable and do not spiral into full-blown crises.

Segment Diagram – Mixing these axes

When we overlay the Cyber-Physical Axis (representing the degree to which a system integrates cyber and physical components) with the Impact of Failure (indicating the consequences of system downtime or compromise), a new way of defining and understanding Operational Technology (OT) emerges.

This multidimensional view highlights how OT occupies a unique position, distinct from traditional IT or general-purpose systems.

The Segment Diagram illustrates this relationship, dividing the space into four quadrants:

1. Key Business Systems (Top Left): While critical to operations, these systems are less integrated with physical components. Examples include ERP systems, payroll software, and customer relationship management (CRM) platforms. Failures here can disrupt workflows and financial operations but typically do not have immediate physical consequences.
2. Operational Technology (Top Right): OT systems, such as SCADA systems, robotics, and industrial controls, exist in highly cyber-physical environments. Failures in these systems can lead to significant physical and business impacts, such as production halts, safety incidents, or environmental damage. This quadrant defines the heart of OT, where the convergence of cybersecurity, functional safety, and business continuity becomes critical.
3. Less Integrated Systems (Bottom Left): These systems are neither highly cyber-physical nor critical to business operations. Examples include basic office tools or non-essential IT services. While important, their failure typically causes inconvenience rather than significant disruption.
4. Emerging Cyber-Physical Technologies (Bottom Right): This space is increasingly occupied by innovations such as IoT devices, smart infrastructure, and autonomous vehicles including ground, and sea/airborne. While these technologies might not yet be mission-critical, their potential for significant business and societal impact is growing, making them a focus for future OT considerations.

It is important to emphasize that this framework is not static; systems and technologies can move between quadrants as they evolve. While today’s emerging cyber-physical technologies in aviation (civil or military), marine, and autonomous vehicles might be seen as less integrated or less critical in certain contexts, their potential for significant physical and business impacts is undeniable. Over time, these innovations may become as central to operations as existing OT environments in discrete manufacturing, oil and gas, water management, and other sectors. Consequently, the line between traditionally “discrete” industries and these expanding, often complex cyber-physical domains is becoming increasingly blurred. Risk appetites and regulatory expectations—particularly in highly structured and safety-critical sectors like Energy and Utilities—will likely have to adapt. Equally, entirely new organizations may emerge, built around these advanced technologies from the outset, further underscoring the need to continually reassess where systems and processes sit within the Segment Diagram.

By mixing these axes, the Segment Diagram provides a framework to:

• Prioritize Resources: Identify systems requiring heightened cybersecurity, redundancy, and resilience measures.
• Drive Strategic Planning: Guide investment in emerging technologies that will eventually transition into the top-right OT quadrant.
• Foster Collaboration: Encourage cross-disciplinary efforts to address challenges at the intersection of cyber and physical domains.

In essence, combining these axes also highlights the critical intersections where proactive measures can safeguard business operations and physical systems.

What can we do with this framing?

The following section will discuss some other common areas of interest to our customer base as viewed through this lens.

Human Machine Interaction

In the context of Operational Technology (OT) and cyber-physical systems, the role of Human-Machine Interfaces (HMI) introduces a layer of complexity that transcends simple categorizations. While the increasing use of Artificial Intelligence (AI) agents is often positioned as a way to solve complex challenges, especially in automating decision-making, HMIs remain pivotal in regulated industries where human oversight is a non-negotiable requirement.

This necessity for human interaction, especially before executing high-risk actions, introduces a fuzziness to the conceptual segment diagram. Systems that might otherwise be distinctly classified—such as low-impact or non-critical systems—can suddenly exhibit blended characteristics when viewed through the lens of HMI. For example:

A cyber-physical system designed for moderate impact might require human intervention in edge cases, elevating its importance and perceived risk. High-impact systems that rely on HMIs for manual overrides could exhibit vulnerabilities not present in fully automated systems, as operator fatigue, misunderstanding, or slow responses add an element of unpredictability.

HMIs effectively make the boundaries between quadrants in the segment diagram more fluid:

• Key Business Systems (Top Left): When coupled with HMIs that directly control physical processes, these systems can begin to encroach on the characteristics of Operational Technology, especially if human error or intentional sabotage in interaction can lead to physical consequences.
• Operational Technology (Top Right): While typically high-impact and tightly coupled to cyber-physical processes, the reliance on human operators via HMI can create pathways for errors or introduce additional attack vectors that transcend pure technical vulnerabilities.
• Less Integrated Systems (Bottom Left): Introducing HMIs for monitoring or control can elevate these systems’ relevance, making their behaviour more critical in specific contexts.
• Emerging Cyber-Physical Technologies (Bottom Right): The experimental or evolving nature of these systems means their interaction with HMIs can vary widely, further blurring their classification.

Moreover, in certain high-stakes domains such as military or civilian drones, cars, and aircraft, an operator’s action via an HMI can have immediate physical or societal consequences. Design choices in these sectors frequently favor user-friendliness—ensuring that complex controls remain accessible and intuitive—potentially at the expense of more robust cybersecurity or identity management practices. A striking example is found in some modern vehicles where recent research has shown that former owners or unauthorized users can remotely track and control essential functions by exploiting public information like the VIN. These exploits highlight how a comprehensive joiner-mover-leaver (JML) process is often lacking or overlooked—particularly in the various security state transitions and privileged entity interactions that a connected vehicle needs to manage. Reports of being able to enroll a new “owner” or even transfer full digital control underscore the delicate balance between operational efficiency and security when user convenience is prioritized.

Ultimately, HMIs reinforce how dynamic and interdependent OT environments can be, often blurring traditional categorizations found in segment diagrams. Organizations must remain vigilant in evaluating not just the technical architecture of their systems, but also the human factors and policies that govern their operation. By acknowledging the critical role of HMIs—especially in contexts where user input directly influences real-world outcomes—businesses can better align design, security, and regulatory requirements to create systems that are both highly usable and resilient.

Recent disclosures of vehicle API vulnerabilities further illustrate how these HMI-related weaknesses can escalate into critical security and safety concerns. By exploiting publicly available identifiers such as VINs or license plates, attackers have demonstrated the ability to manipulate ownership records, enrol unauthorized devices, and even remotely control core vehicle functions. This reveals systemic gaps in identity and access management—particularly the lack of robust processes for transferring or revoking privileges across the vehicle’s lifecycle. These issues highlight the urgent need to integrate security measures, thorough oversight, and clear accountability into all OT environments where HMIs serve as the critical interface between humans and technology.

Shifting Between Sections Over Time

Although a point-in-time measurement can place a system or asset in a particular quadrant on this segment diagram, these positions are far from static. Systems can migrate between quadrants as their roles, dependencies, and risks evolve within an organization. This dynamic nature underscores the importance of regular re-evaluation and highlights the potential for unnoticed shifts, particularly in legacy systems, much like capturing a single moment in a complex or even chaotic system.

1. Emerging Systems (Bottom Right) → Key Business Systems (Top Left)

An experimental or emerging technology may initially exist in the Emerging Systems quadrant. Over time, as the business integrates it into operations, it becomes critical to workflows, transitioning into the Key Business Systems quadrant.

• Example Transition: A small IoT sensor network deployed for pilot testing might eventually monitor critical infrastructure, becoming an integral part of reporting and decision-making.
• Challenge: As reliance grows, the business may not reassess the risks or provide sufficient support, leaving it vulnerable despite its elevated importance.

2. Key Business Systems (Top Left) → Operational Technology (Top Right)

A system initially implemented as a purely business-oriented tool may evolve to control or directly influence physical processes, crossing into the Operational Technology space.

• Example Transition: A resource planning system might integrate with production line controls, introducing cyber-physical dependencies.
• Challenge: The shift to OT increases exposure to cyber-physical risks, but the business may not recognize this change, leaving the system inadequately protected against emerging threats.

3. Less Integrated Systems (Bottom Left) → Key Business Systems (Top Left)

A peripheral or low-impact legacy system may gradually assume a central role, often due to workarounds, growth, or unplanned dependencies.

• Example Transition: An old inventory management system initially used by a single team could become the default for supply chain management as the company scales.
• Challenge: The system may lack scalability, support, or robustness, but its criticality to operations makes replacing it complex and disruptive.

4. Operational Technology (Top Right) → Less Integrated Systems (Bottom Left)

Legacy OT systems can lose relevance as technology evolves and the business shifts focus to more modern solutions. However, these systems may still exist in the environment, creating hidden vulnerabilities.

• Example Transition: An older industrial control system that has been phased out of active use might remain online for monitoring or backup purposes.
• Challenge: These systems are often forgotten in risk assessments, leaving them vulnerable to exploitation despite their diminished role.

Digital Twins

Initial Position: Emerging Cyber-Physical Technologies (Bottom Right)

Digital Twins often start as emerging technologies, primarily used for innovation, testing, and simulation. At this stage, they are:

• Cyber-Physical Nature: High, as they are inherently designed to replicate physical systems in a digital environment.
• Impact of Failure: Low to moderate, as their role is experimental, or auxiliary rather than directly tied to critical operations.

Characteristics:

• Early use cases focus on simulations for design optimization, testing, and predictive analytics.
• Deployment may be limited to research or pilot projects.

Transition to Operational Technology (Top Right)

As Digital Twins mature and integrate into core operations, they can transition to the Operational Technology segment. At this stage:

• Cyber-Physical Nature: Remains high, as the digital twin directly interfaces with and mirrors physical systems.
• Impact of Failure: Increases significantly, as their role expands to operational monitoring, control, and decision-making.

Characteristics:

• Used for real-time system monitoring, predictive maintenance, and operational optimization.
• Failures in the digital twin could lead to incorrect decisions or disruptions in physical processes.

Secondary Transition: Key Business Systems (Top Left)

In some cases, Digital Twins may evolve into Key Business Systems if they are primarily used for strategic decision-making or as part of broader business functions. For example:

• Cyber-Physical Nature: This decreases slightly as their role becomes less about direct physical control and more about providing insights or enabling high-level decision-making.
• Impact of Failure: Remains high, as their outputs influence critical business strategies.

Characteristics:

• Integration into ERP or business intelligence systems for long-term planning and performance analysis.
• Critical for driving competitive advantages, such as supply chain resilience or energy optimization. 

Internet of Things 

As a category, the Internet of Things (IoT) is just as broad as Operational Technology, but they are typically characterized by low power consumption, deployment at ‘the edge’, diverse connectivity options, and typically in operational domains in which there are threats against physical access such as modification and tampering. Put into the dimensional framework discussed earlier, IoT systems often fall into the Emerging Cyber-Physical Technologies quadrant due to their evolving role in both business and industrial environments. However, their placement is highly dynamic. As IoT devices become more integrated into critical infrastructure—such as smart grids, industrial automation, and healthcare monitoring—they can transition into the Operational Technology quadrant, where their reliability, security, and resilience become paramount. 

The physical exposure of IoT devices introduces unique security challenges, including unauthorized access, tampering, and supply chain vulnerabilities. Unlike traditional IT systems, which operate in controlled environments, IoT devices often function in harsh or unsecured locations, increasing their risk profile. This necessitates robust authentication mechanisms, secure communication protocols, and continuous monitoring to detect anomalies. 

Additionally, as IoT solutions mature and demonstrate business value, they may shift into the Key Business Systems quadrant, influencing strategic decision-making and operational efficiencies. Organizations must recognize these transitions and proactively manage security risks, ensuring IoT deployments align with evolving business and regulatory requirements. 

Conclusion: A New Lens for Operational Technology 

Operational Technology is evolving, requiring a multidisciplinary approach that merges cybersecurity, engineering, and regulatory considerations. By framing OT through the Cyber-Physical Axis and the Impact of Failure, we gain a more structured way to assess risks, prioritize investments, and adapt to emerging technologies. 

This perspective not only clarifies how different systems interact but also helps organizations proactively manage their evolution—whether through digital twins, IoT, or human-machine interaction. As technology advances, businesses must continuously re-evaluate their OT landscape, ensuring that security, resilience, and efficiency remain at the forefront. 

Ultimately, understanding OT through this structured lens empowers organizations to make informed decisions, bridge gaps between engineering and cybersecurity, and build systems that are both secure and adaptable to future challenges. As we consider the integration of IT and IoT with OT, the quadrant framework described here can serve as a valuable tool to assess how deeply systems are intertwined, highlight the growing impacts they may pose, and ensure that all relevant stakeholders can decide which risks to mitigate, accept, or reject.