OT vs IT Security Differences

Applying IT security practices directly to OT often does more harm than good. The two domains optimize for different goals, run different technology, and fail in different ways. A practitioner crossing into OT must unlearn several reflexes.

This lesson contrasts the priorities, constraints, and threats that make OT security its own discipline.

IT prioritizes the CIA triad as Confidentiality, Integrity, Availability. OT effectively inverts it.

• Availability first — the process must keep running; downtime can be dangerous or hugely costly
• Integrity second — readings and commands must be trustworthy
• Confidentiality last — sensor values are rarely secret

Above all sits a concern IT does not share: safety. Protecting human life and the environment outranks everything.