TL;DR: S4x26 sessions on OT threat pre-positioning, visibility quality, zero trust, and incident communication showed that the community has moved past awareness and is now confronting execution gaps, according to Elisity. The practical challenge is not proving OT matters, but building identity-aware segmentation, trained response, and defensible asset confidence before adversaries act.
NHIMG editorial — based on content published by Elisity: Day 2: What S4x26 Made Clear: OT Security Has Moved Past Awareness
Questions worth separating out
Q: What breaks when OT security teams treat visibility as a checkbox?
A: Teams lose the ability to enforce meaningful segmentation because the inventory is not accurate enough to support policy decisions.
Q: Why do dormant footholds matter so much in OT environments?
A: Dormant footholds matter because they preserve future access in systems where attackers may wait for the right operational moment.
Q: How do security teams know if OT segmentation is actually working?
A: Segmentation is working when policy decisions can be enforced using verified asset identity and validated communication relationships.
Practitioner guidance
- Validate inventory fidelity before enforcing segmentation Test whether device identity, communication paths, and zone mapping are accurate enough to support enforcement, not just reporting.
- Hunt for dormant access and stale footholds Prioritise long-lived sessions, unmanaged remote access, and any OT account or pathway that can sit unused until a future trigger.
- Tie segmentation rules to verified asset identity Build policy enforcement around confirmed device identity and communication intent, not static network position.
What's in the full article
Elisity's full analysis covers the operational detail this post intentionally leaves for the source:
- Field session observations on OT visibility quality and microsegmentation deployment across real environments.
- The incident-communication proposal for scoring OT events by severity, reach, and duration.
- How practitioners are thinking about identity-based policy enforcement across multi-site OT estates.
- The practical readiness questions teams are asking about zero trust, staffing, and exercised response.
👉 Read Elisity's OT security recap from S4x26 →
OT security after S4x26: what visibility and readiness gaps remain?
Explore further
Awareness is no longer the problem in OT security. The field has moved into an execution gap where organisations understand the risk but still struggle to enforce policy against it. That is a governance failure as much as a technical one, because the real question is whether access, visibility, and response are accurate enough to support action. Practitioners should stop treating OT maturity as a communications exercise and start treating it as an enforcement discipline.
A question worth separating out:
Q: Who is accountable when OT risk is communicated poorly to leadership?
A: Accountability sits with the security and operational leaders who own risk translation, because funding and response depend on how the threat is described. If executives only hear technical noise, they cannot prioritise correctly. OT governance needs a shared language for severity, reach, and duration that leadership can act on.
👉 Read our full editorial: OT security has moved past awareness: visibility and readiness gaps