Universities everywhere are feeling the pressure to keep pace with a rapidly changing industrial threat landscape, while also preparing graduates for jobs that demand a rare blend of engineering fluency and cybersecurity discipline. Building or expanding a robust OT cybersecurity program requires more than just adding a few industrial examples to an IT security curriculum — it must convey how industrial control systems operate, how risk manifests in physical processes and how real-world roles collaborate to keep environments safe and resilient.
That’s why we’re excited to announce the publication of the "OT Security Knowledge Framework: A Guide for Educators & Students, Second Edition 2025" — an updated and refreshed evolution of "Curricular Guidance: Industrial Cybersecurity Knowledge." Designed as a practical resource for academia, this framework can help universities:
- Design curriculum with confidence, grounding course outcomes in an established body of OT-specific knowledge.
- Align instruction to real operational contexts, ensuring students understand the unique qualities of industrial environments.
- Support program growth and consistency, from introducing OT cybersecurity content to formalizing full degree pathways.
- Build a shared language across disciplines, so engineering and IT/OT cybersecurity stakeholders can collaborate effectively on program structure.
Moving forward, this framework will be reviewed and released annually or bi-annually, recognizing the reality that OT security knowledge can’t remain static while adversaries, technology and critical infrastructure operations continue to evolve.
Background
The ISA Global Cybersecurity Alliance (ISAGCA) — together with Idaho State University, Idaho National Laboratory (INL) and the U.S. Department of Energy Office of Cybersecurity, Energy Security and Emergency Response — released the original "Curricular Guidance: Industrial Cybersecurity Knowledge" document in 2024. That work was the result of a years-long research effort to formally address a deceptively simple question: What knowledge does an industrial cybersecurity professional need to have that is not included in traditional cybersecurity programs of study?
The original 125-page document has become an essential reference for students, instructors, administrators and industrial cybersecurity practitioners.
What’s New in the Second Edition 2025
The "OT Security Knowledge Framework: A Guide for Educators & Students, Second Edition 2025" builds on that strong foundation, while making targeted updates intended to improve clarity and usability — especially for educators and program designers who need definitions to be consistent, teachable and easy to reference.
The most visible differences from the prior version include the following:
1. Expanded Glossary with Additions to Improve Instructional Clarity
This edition includes glossary additions that help establish a more consistent baseline across classrooms, departments and institutions. OT cybersecurity programs often draw learners from multiple backgrounds — such as engineering, IT, cybersecurity and operations — so shared terminology is critical. Strengthening the glossary supports clearer instruction, cleaner assessment language and better alignment across course sequences.
2. More Concise, Higher-Utility Definitions in Key Areas
The new document also emphasizes more concise definitions for concepts that frequently appear in curriculum design, course descriptions and learning objectives, especially where ambiguity can create confusion or inconsistent teaching.
Specifically, readers will see updated, clearer definitions for items such as:
- Engineer
- Professional Roles & Responsibilities
- Supervisory Interface
- Critical Infrastructure
Relatively minor updates like these can have an outsized impact: They help educators define prerequisites, distinguish job functions, map outcomes to industry expectations and reduce misinterpretation when multiple instructors or departments contribute to a program.
Built for the Future of OT Cybersecurity
With this new review cycle, ISAGCA and its partners are acknowledging what universities already know: Curriculum is never “done.” OT security courses in particular will continue to change as technology modernizes and threat actors adapt.
For faculty and program leaders, that means this framework can serve as a stable reference point while still staying current enough to remain credible and useful, year after year.
Next Steps: Join the Webinar
The "OT Security Knowledge Framework: A Guide for Educators & Students, Second Edition 2025" is positioned to be a high-value resource for universities, government and industry on building OT cybersecurity programs. It offers a research-backed structure, a practical organization of OT knowledge and clearer terminology to support consistent teaching and program alignment.
To dive deeper into what’s new — as well as practical insights into OT cybersecurity — attend the new webinar exploring the document in more detail. Dr. Sean McBride, cybersecurity engineering instructor at Idaho State University, will share with attendees:
-
What knowledge makes OT security practitioners fundamentally different from traditional cybersecurity professionals
-
How to clearly explain OT vs. IT security differences to leadership, educators and cross-functional teams
-
How industry, government and academia collaborated to build a shared OT security knowledge framework — and why it matters for workforce development and resilience
If you’re developing a new OT cybersecurity pathway, refining an existing program or simply looking for a clearer way to align learning outcomes to OT practice, this webinar will be the fastest way to get your bearings and ask informed questions. Titled "The OT Cybersecurity Knowledge Framework: 531 Things You Didn't Learn in School," the webinar will be held Wednesday, 25 February 2026 at 11 a.m. ET.
Download a .pdf copy of "OT Security Knowledge Framework: A Guide for Educators & Students, Second Edition 2025" here.
