Are We Too Reliant on OT Checklists and Frameworks?

Three men at a desk review a document together, suggesting a collaborative work discussion.

Taylor Blenner, OT Cybersecurity Systems Analyst | August 8, 2025

With cyberattacks on the rise in Operational Technology (OT) environments, staying secure is not just necessary; it’s critical. Cybersecurity questions are popping up everywhere for entry-level, senior, and business lead professionals: Where do I start? What do I need to do? How do I do it?

One of the most common approaches is to choose a cybersecurity framework that outlines what is needed to secure an OT environment. There are many different frameworks and guidelines to implement, including:

ISA/IEC 62443
NIST 2.0
MITRE ATT&CK

Frameworks are a great way to assess an OT environment and identify gaps. However, business leaders can become too reliant on them.

A blue outlined icon showing a globe in the center, split in half vertically. The left half is encircled by a gear, representing industry or mechanical systems, while the right half is connected to a series of circuit lines, symbolizing digital technology.

Compliance ≠ Security

Each OT environment has distinct concerns and constraints; not all frameworks are created equal. For example, utilizing an IT framework for an OT environment can be helpful, but it won't cover all OT concerns. Specifically, availability and safety are higher priorities. If there’s a chance that a tool, setting, or other security practice could stop operations or become unsafe, it must be avoided. Just because an OT environment complies with the framework doesn’t mean it will always be secure. The cyber climate is constantly changing, with new vulnerabilities, attack methods, assets, and priorities. Simple compliance can give a false sense of security. Cybersecurity evolves, so staying informed on the latest practices and tools is critical.

Keeping Up with An Evolving Threat Landscape

It's too easy to adapt to a framework without understanding the true risk. Remediating risks can be expensive, time-consuming, and challenging. After evaluating the environment, the next step should be to evaluate the risk and minimize gaps. The reality is that it’s very unlikely for all risks to be remediated. Sometimes, it can be over budget. Sometimes, there might not be enough resources available. And sometimes, it’s just not noticed. An external OT specialist can help identify the most significant risks and develop the best actionable items. Having another resource can ease the process by helping with understanding the risks and how to remediate them.

Frameworks are great tools for securing environments, with the key word being tool. Not every framework is built the same, and not every environment is built the same. Some are better suited to specific sites, companies, or industries. Too much time can be spent finding the perfect framework and not understanding its root purpose. Cyber attackers don’t care about what’s being used; they only care about getting access. Always consider the “why.” If there weren’t attackers, we wouldn’t need antivirus software, access control lists, or any type of cybersecurity processes.

A blue outline of a padlock in the center, symbolizing security or protection. Lines extend outward from the lock in several directions, each ending in a small square, representing interconnected systems or network security.

Tailoring to Your Needs

Your OT environment is unique, and so are the challenges you face. Are frameworks helping you build lasting security—or just keeping you busy with checkboxes? At Interstates, we believe the best solutions come from open dialogue and tailored strategies, not one-size-fits-all checklists. As you continue your cybersecurity journey, ask yourself:

Where do compliance frameworks help—or hinder—you?
What risks keep you up at night?
Are you confident in your current approach, or do you see gaps?

Let’s talk about your most pressing OT cybersecurity challenges and how Interstates can help you solve them. Your journey to a more resilient, risk-aware organization starts with a simple conversation.

Taylor Blenner is an OT Cybersecurity Systems Analyst at Interstates. For the past three years, she's collaborated with multiple teams to perform cybersecurity and network audits for manufacturers worldwide. Her focus is on helping clients identify and remediate risks.

This topic is included in the Interstates LinkedIn Newsletter Converging Clarity, which focuses on Operational Technology.

August 1, 2025

Day in the Life of a 2nd-Year Intern

Learn about Kaden's experience as a 2nd-year intern at Interstates. His time has been filled with hands-on learning, exciting job site visits, and witnessing company values in action.

August 15, 2025

Delivering Innovation and Efficiency at Ovation Farms

Modular e-houses and heavy prefab powered a faster, safer build at Ovation Farms, keeping bird dates on track across 16 cage-free barns. Even with tight deadlines and unique circumstances, the project doubled productivity and set a new standard for efficiency.

Your Next MES and Process Control System

Are You Compliant with NFPA 70B?

Need a Simpler Start to Cybersecurity?

Improving Your CPG Operations with a Systems Integrator

New Life to an Old Mill in Iowa

Country Maid Invests in PLEX Production Monitoring

Electrical Project for New Milk Bottling Facility

Delivering Quality Data Center Work Fast & Safely

Rockwell Automation's System Integrator Partner of the Year

Being a Leading Industrial Electrical Solutions Provider

What's It Like to Work at Interstates?

Your Foundational OT Cybersecurity Solution

The Real Meaning of Balance in Leadership

What to Do About Electrical Grid Changes