There is a lack of OT security specialists

The demand for OT security specialists who can help reach an adequate OT security posture without disrupting the OT environment by their own efforts has grown significantly over the last two years, while the number of available specialists has stayed low.

One way of measuring this is by comparing the number of specialists that are Certified Information Systems Security Professionals (CISSP) versus the number of certified Global Industrial Cyber Security Professionals (GICSP). In 2022, there were 156.000 CISSPs globally versus only 4.000 GICSPs. A similar comparison could be made between security specialists who are knowledgeable about ISO 27001 versus IEC62443, which is the current standard for OT and has come forth from the ISA99.

As most universities don’t offer specific OT security education, the gap continues to grow.

IT security specialists can be trained for OT under the condition that they are willing to adapt to the culture and peculiarities of the OT environment and accept that standard solutions used in IT might not work in OT or even are disruptive on their own.

Another good way to increase the capacity of OT security specialists is to train OT engineers in the f ield of cyber security. Engineers bring valuable expertise to the table regarding the systems used in OT.

Due to the need for OT security specialists, organizations should strive for mixed teams with regard to seniority and field experience.