As we wind down 2024, some of our Nexus contributors have looked back on the challenges and wins the cybersecurity industry has achieved, and provided their take on what lies ahead next year within their industries and specialty areas. Today, John Ballentine, OT cybersecurity lead for the Port Authority of New York, New Jersey, reflects on vendor relationships in OT and predicts consolidation in the space.
With respect to OT security product and service sales messaging in 2024: increased competition has created three distinct vendors: one group of providers made their OT security messaging more technically mature and functionally productive, giving an end-user some valuable insight into managing their risks. Another larger group though, simply doubled-down on overly simplistic messaging around this thing called "OT cybersecurity"—as if to say that there are end-users that still have not given this notion any thought. Then the third group decided to go negative with messaging (implicit and explicit) attacking both the first two groups without offering any valuable alternative messaging.
In 2025, I would hope to see some consolidation in the OT security products and services sector, especially for critical infrastructure protection. That consolidation must start at the messaging level. It also needs to permeate the actual products and service capabilities. Even consolidation supporting the adoption, promotion, and incorporation of creative—often radical—new OT security technologies would be welcomed. Hopefully we will see an end to the discord between competitors and prompt more open dialogues about real-world lessons learned and applied to measurably reduce OT security risks.
Since 2019 John has designed and developed the extensive OT Cybersecurity Program at the Port Authority of New York and New Jersey. This includes a comprehensive approach based on the NIST Cybersecurity Framework (CSF) and IEC 62443. From asset identification, vulnerability management, threat detection, access controls, architecting an OT segregated environment, building an internal OT SOC, designing a comprehensive process-based disaster recovery program specific to OT, John's OT cybersecurity initiatives have combined to become a formidable defense in this highly critical agency. The PANYNJ includes all the bridges and tunnels connecting NY and NJ, the World Trade Center complex, the PATH commuter rail system, the nation's busiest maritime ports and of course the regional airports: JFK, LaGuardia and Newark.
