Packaged Control Systems – The Achilles Heel of Most OT Cybersecurity Programs
About This Session
Packaged control systems (PCS) are a mainstay in industrial environments due to their standardized functionality, ease of integration, cost efficiency, and rapid deployment. From gas compression skids to boiler control systems and vapor recovery units, PCS offer a pre-engineered, plug-and-play approach that enables organizations to quickly meet operational needs. However, these benefits come at a significant cost because they are often the most overlooked and vulnerable components in Operational Technology (OT) cybersecurity programs.
This presentation will explore why PCS pose a disproportionate risk to industrial cybersecurity. It will examine the systemic challenges they introduce, including lack of built-in security features, poor patch management, and insecure communication protocols.
Drawing on real-world examples from oil and gas, chemical processing, and utility operations, this session will highlight how PCS can become the entry point for cyber threats—and what organizations must do to address these risks. Attendees will gain insights into practical mitigation strategies, including risk assessments, architectural segmentation, protocol hardening, and vendor engagement, to strengthen their OT cybersecurity posture against the hidden dangers of packaged control systems.
This presentation will explore why PCS pose a disproportionate risk to industrial cybersecurity. It will examine the systemic challenges they introduce, including lack of built-in security features, poor patch management, and insecure communication protocols.
Drawing on real-world examples from oil and gas, chemical processing, and utility operations, this session will highlight how PCS can become the entry point for cyber threats—and what organizations must do to address these risks. Attendees will gain insights into practical mitigation strategies, including risk assessments, architectural segmentation, protocol hardening, and vendor engagement, to strengthen their OT cybersecurity posture against the hidden dangers of packaged control systems.
Speaker
John Cusimano
Chief Security Officer (CSO) - Armexa, LLC
John Cusimano is a seasoned OT cybersecurity business and thought leader, with over 30 years of expertise in process control, functional safety, and operational technology (OT) and industrial control systems (ICS) cybersecurity. He is a pioneer in the development of the Cyber HAZOP methodology, has led countless OT cybersecurity risk assessments, and played a pivotal role in establishing OT cybersecurity programs for numerous companies. As a prominent member of the ISA 99 cybersecurity standards committee, he chaired the subcommittee responsible for crafting the ISA/IEC 62443-3-2:2020 standard and developed multiple training courses on OT cybersecurity.