CISA, Standard Development Organizations, and OEMs conducted customer research within the control systems community, including water, transportation, chemical , energy, and food & ag operators, with the aim of understanding barriers to secure communication. Secure versions of industrial protocols exist (e.g., DNP3 to DNP3 SAv5); however, the technical maturity of a solution is irrelevant if the solution is not usable by the target audience. Operators often have the technical tools and desire to secure communication but cannot do so due to cost and complexity.

This talk identifies common barriers for operators and highlights ways that OT manufacturers can reduce these barriers. Examples include prioritizing message signing over encryption for easier integrity and authentication, reducing the complexity of secure deployments, and ensuring secure protocols are interoperable to simplify legacy transitions.