Why combining physical and cybersecurity is critical for securing today’s interconnected automation systems. Learn more in a June 26 webinar with Control Engineering.
Cybersecurity and security insights
- Explore tips, tricks and best practices for achieving cybersecurity and site security.
- Understand best practices for adapting and integrating site security risk assessments into broader automation cybersecurity strategies.
- See the webcast for more advice: Register for the Control Engineering webcast, “Industrial cybersecurity: Integration with security,” archived until June 26, 2026.
Get practical advice on the relationship between site security and cybersecurity risks, and their impact on automation, controls and instrumentation systems from Control Engineering in a June 26 webcast. The instructors are:
- Leah Dodson, Co-founder, Piqued Solutions
- Jeremy Dodson, Co-founder, Piqued Solutions
Interconnected systems
Industrial automation, controls and instrumentation systems are increasingly interconnected, making site security a critical component of overall cybersecurity. Site security encompasses the physical and digital measures necessary to protect devices, systems and networks that are accessible or connected to the broader industrial environment. For those designing, implementing, maintaining or managing automation and instrumentation systems, understanding and addressing site security is essential for mitigating cybersecurity risks.
This webcast explores the importance of site security as an integral part of automation cybersecurity. Participants will learn how to incorporate site security into broader risk assessments and foster collaboration across teams, from onsite personnel to supply chain partners, to develop a unified approach to minimizing vulnerabilities.
Learning objectives
- Analyze the relationship between site security and cybersecurity risks, and their impact on automation, controls and instrumentation systems.
- Discover methods for adapting and integrating site security risk assessments into broader automation cybersecurity strategies.
- Gain insights from real-world examples of successful integration between site security measures and automation cybersecurity to reduce risk effectively.
Understanding cyber risk
So why is site security now considered essential to industrial cybersecurity, especially in automation and controls?
“There’s so much more interconnection. Now, there’s so much more data that’s being processed on so many more levels than there have been in the past,” said Leah Dodson. “There are a lot of gaps where risk sits that are being neglected, are being overlooked. So if someone can walk up to a panel and plug in a device, that’s cyber risk, too. We want to make sure that we’re arming our people with the ability to take a look at that risk, understand it and address it.”
Jeremy Dodson’s career has included roles at the National Security Agency (NSA), where he analyzed and mitigated nation-state threats, and leading operations at the U.S. European Command, focusing on critical international security measures. In these roles, he has been tasked with attacking systems to search for vulnerabilities.
“As an attacker, I have never thought about, ‘Well, I’m attacking physical now. Now, I’m attacking over the wire,’” he said. “It’s always how do we get in? What is the least path of resistance, and a lot of time, the gap in between handoffs of someone’s responsibility over another person’s responsibility has been where we slip in.”
While organizations often separate physical security and cybersecurity in industrial settings, attackers don’t work like that. As an attacker, you have to have both skills to be successful. That’s why defenders need to do the same thing.
“A big misconception is that a cybersecurity attack is what you see as the end result — when you’re seeing the message from the attackers that your data has been ransomed — that that is a cybersecurity attack when really it’s a chain of events,” said Leah Dodson. “In that chain of events, physical security can play a huge role, especially in environments like these.”
Creating shared responsibility for security
One major problem in industrial settings is the divide between responsibilities — information technology (IT) versus operational technology (OT), cybersecurity versus site security. Jeremy Dodson said one of the best ways to combat this is by just walking around the site and having a conversation over coffee.
“It’s hilarious and awesome to see people’s light bulbs go off when someone looks at the door and goes, ‘Oh, I could get in by taking the hinges off because they’re on the outside. I could do this and that,’” he said. “Then a cyber guy or someone that’s over the wire could be like, ‘Oh, I could bypass the cameras by de-offing the Wi-fi, and I could do this to the door to let me open it. Just having a conversation starts so many light bulbs in everyone’s minds that they then go, ‘We can fix this.’ It’s such a great a-ha! moment to watch.”
Ultimately, the goal for the webinar is to provide a better understanding of the risks that are in industrial environments, the ways attackers could take advantage of those risks and the vulnerabilities that exist. It’s essential to know who to involve in those conversations about risk and incident response, and how to how to build a program that shines a light on those areas.
