Building a Resilient World:
The ISAGCA Blog

Welcome to the official blog of the ISA Global Cybersecurity Alliance (ISAGCA).


Building a Skilled Workforce to Meet the Demands of OT Cybersecurity

The rise of the internet of things (IoT) and other Industry 4.0 technologies has blurred the lines between IT and operational technology (OT), and cyber-physical systems come with unique security considerations.

In light of these differences, securing OT systems often requires an unusual combination of skills and experience. Ongoing workforce challenges may further complicate the issue, but it is possible to work past these barriers.

The Challenge of Ensuring OT Security Amid Skills Gaps

Cybersecurity talent gaps affect virtually every industry. However, the demand is higher in heavy industries than in work environments mainly dealing with IT infrastructure. In sectors like construction and manufacturing, between 91% and 94% of organizations report having security skills gaps.

This demand can be challenging to fill because OT cybersecurity looks different from IT-focused security. While employees may acquire experience in securing Windows or Mac environments fairly easily, fewer people are knowledgeable about industrial control systems and their underlying frameworks. The software is often specialized and the hardware is fundamentally different. It is critical to ensure the safety and continuity of essential functions in OT environments, so the same steps in cybersecurity don’t always apply.

Many OT systems also use legacy software incompatible with modern security software. Safety concerns or other operational issues may prevent OT cybersecurity specialists from upgrading or using some protections that are common in IT today, requiring a different approach.

Finally, the sheer volume of attacks compounds these other challenges. Manufacturing accounts for 25.7% of all cyberattacks, making it the most-targeted sector. Energy falls in fourth place. Such a considerable number of incidents may leave already-strained security workforces with even greater workloads.

How to Develop a Skilled OT Cybersecurity Workforce

Something must change to address the OT cybersecurity skills gap. Thankfully, businesses have options. Here are five strategies to begin developing a skilled workforce to meet this growing need.

1. Look Inward for Talent

First, companies should consider how they can foster necessary skills instead of searching for workers who already possess them. The Bureau of Labor Statistics expects there to be 17,300 open roles in cybersecurity in the U.S. each year over the coming decade. Amid such a massive shortage, the broader labor market is too competitive for businesses to fulfill every position with an external hire, so they must turn inward.

Any technical skill is teachable. Consequently, organizations can gain much from finding adaptable employees with relevant soft skills already on their payroll. Offering training courses and certificate programs to these workers to equip them to serve OT security needs may fill the gap faster than external hires can.

2. Promote Ongoing Learning

Companies can lean further into this strategy by emphasizing ongoing learning opportunities. Many employees already want to gain new knowledge and skills — studies find that career development options lead to decreased turnover, especially among younger workers. Given this demand, encouraging staff to undergo OT security training can fulfill two demands simultaneously.

These programs can either pair employees with existing OT cybersecurity professionals in a mentorship or provide access to external educational resources. In either case, businesses can use them to incentivize veteran staff members and new hires. Training people to acquire new skills allows HR teams to hire recruits without all the necessary experience, as they’ll gain it on the job.

3. Cross-Train IT and OT Professionals

Another way to foster OT cybersecurity talent is to combine training programs for IT and OT professionals. Hybrid approaches can yield impressive results, as some goals are more closely aligned than they initially seem. In the same way that manufacturers have saved 32,000 USD a month and improved safety through a single material handling change, combining IT and OT training can benefit both sides.

IT employees must learn how industrial control systems work to protect them effectively. OT specialists have that knowledge but may lack understanding about general IT cybersecurity threats and best practices. By combining teams during training, each side can help the other learn what they need, leading to a stronger overall OT cybersecurity workforce.

4. Partner With Educational Institutions

As businesses revamp their cybersecurity training workflows, they should consider partnering with third-party education providers. Many colleges, professional development organizations and online learning platforms now offer courses in OT security as the demand for such skills has grown. Companies shouldn’t overlook that opportunity.

The simplest way to approach such partnerships is to cover employees’ educational costs if they take these courses.

5. Consider Taking Advantage of Automation in IT Settings

Finally, organizations can reduce the pressure on their cybersecurity workforce by automating certain repetitive IT tasks. Today’s software solutions can automate data management — which 52% of IT teams say they spend too much time on — and more. Taking advantage of these programs gives a smaller workforce time to upskill and accomplish mission-critical work.

Of course, human experts must always have the final say in sensitive matters. However, IT automation can reduce the burden on IT staff so they can spend additional time deepening their understanding of complex OT environments without external help, which may be difficult to acquire.

Organizations Must Address the OT Security Skills Gap

The OT cybersecurity talent gap is too big and too threatening to ignore. While filling it may not be easy, it’s not impossible. Businesses should consider how they can implement these five strategies today to equip their workforce for the needs of tomorrow.



Devin Partida
Devin Partida is the editor-in-chief of ReHack Magazine.
