Disclaimer: All views presented here, in this newsletter, are my own.
Author or the newsletter are not liable for any actions taken by any individual or any organization / business / entity. The information provided is for education and awareness purposes only and is not specific to any business and or situation.
Hey Securing Things Community,
Last year, I submitted a proposal for a talk at a very well renowned international OT/ICS cybersecurity conference in the US.
The presentation was related to the topic of Securing UNS (unified name space) / data driven network architectures - in an era of digital transformation, industry 4.0/IIOT etc. Got a great feedback from organiser on draft slides. Thanks, you know who you are :-).
Rest of the short story below.
This is part 1 of a multi-part series, where I’ll be covering concept of digital factory and UNS, industry update, professional debates on certain positions, conferences in 2025, few interesting reads, along with my post viewed social posts.
Ready? let’s dig in.
But before we begin, do me a favour and make sure you hit the “Subscribe” button to let me know that you care or liked and keep me motivated to publish more. Thanks!
Securing Things Academy:
IT & OT CySEAT (Cyber Security Education And Transformation) course is designed for IT and OT cybersecurity practitioners. Join the wait-list → here.
Checkout a brief overview below:
But before we begin, do me a favour and make sure you hit the “Subscribe” button to let me know that you care or liked and keep me motivated to publish more. Thanks!
It was my first time voluntarily putting myself forward for an in-person event, and I was convinced my submission would not pass the high standards set by the expert organisers.
A few weeks later, I received a message from the event organiser, informing that my talk had been selected for a stage 2 presentation. Was excited and a bit nervous at the same time with gazillion thoughts in my mind on that day.
25 mins and a big topic to tackle, what to include, structure, what not to.
I was supposed to take a brief hiatus / break, the following week in Feb, jetting off, long haul, to the US to prepare and deliver my presentation and later travel locally to meet some of my uni buddies.
However, a series of logistical hurdles made this plan impossible.
Reluctantly, I informed the organizer and my talk was withdrawn from the conference.
After feeling a bit frustrated, I reminded myself that everything happens for a reason, often leading to something better.
seems it did, kind of. More on that later.
Anyway, as part of this newsletter, am releasing a small part of the presentation (see the gif) and also talk about some other relevant industry updates, debates and list out few security conferences that maybe of your interest.
In the following sections, I’ll be introducing you to the concept of UNS in industry 4.0 at a very high-level, this is part of the IT-OT CySEAT Training - an upcoming offer. Join the wait-list soon, before its too late.
Drop in your best email address to subscribe and continue reading the rest of the newsletter edition for free.
Unified Name Space (UNS)
It’s challenging to explain what a UNS is without first understanding, what is industry 3.0, vs. 4.0, IIOT and the ISA-95 (part 2 specially). Some of it was covered in one my previous newsletter edition here.
Below represents both how point-to-point integration has worked for industry 3.0 - focused on automation and how industry has changed / is changing its direction.
Part of STA - IT-OT-CySEAT Training
For 3.0 → different layers of automation stack were integrated from the plant floor to the next layer up in the hierarchal sequence, e.g. PLCs with HMI, HMI with SCADA, SCADA with MES, MES if lucky with ERP, ERP to Cloud and downwards the other way around. These integrations were very expensive and time consuming to build and mostly failed or were cost prohibitive for many for scalability.
For 4.0 → Digital transformation initiatives were business driven to solve the above challenges.
Manufacturers successful in their digital transformation from 3.0 to 4.0 focus not solely on ERP, but rather the underlying manufacturing or production operations.
This doesn’t mean that ERP is of any less importance - it plays a crucial role in tying different business processes (e.g. planning, inventory, financials etc.) and leverages the intelligence from manufacturing operations.
Industry 4.0 is leveraging data and information to make better business decisions across the enterprise and or extended enterprise.
Providing data out of the factory floor, to more use cases & business professionals - up to the board room, as well as, maybe to your suppliers and customers. E.g. R&D, Quality, Asset Maintenance, Supply Chain, various project management functions, trying to reduce e.g., waste, power consumptions, regulatory requirements.
Essentially all the business functions that never had access to the real-time or data from the factory floor.
What is a Digital Factory?
with all layers of automation stack connected to a common digital infrastructure.
Fully integrated business i.e. everything connected to network as a node in the eco-system.
All layers are integrated and operates based on real-time data and information from all other layers.
Stakeholders of the business know the:
Current & future state of the business – in real-time
Need to execute (or not) and recommended any operational adjustments.
Leverages latest technology (ML/AI) to:
Collect and analyze data/information
Predict (by ML) future outcomes based on past patterns and current state.
Recommend operational adjustments to improve outcomes in the future.
Instead of building point-by-point integration, a new hub and spoke type architecture was developed, and termed as UNS, using some sort of broker technology and an edge driven architecture.
First UNS was build 2 decades ago in 2005 by Walker R.
So what is UNS?
- a combination of hardware, software and master data model.
If we use software terminology to explain UNS, it has 3 components:
a UI (through which people input or extract information).
an API (retrieve data from the backend and put it into UI or vice versa), and
backend (SQL/database).
So, the combination of API and backend with a master data model that provides the common infrastructure is the UNS.
All smart components or nodes, the UI interacts with that common infrastructure.
E.g., MQTT for the API calls and the backend database (structure and events in master data model), as the UNS.
The unified namespace uses ISA-95part 2 as master data model to standardised naming convention by eliminating intermediaries and prioritizing information exchange over a hierarchical structure.
Industry have seen attacks and risks being exploited at almost every layer of the automation stack.
As security and technology professionals, we must assess the risks of different architectures and develop a cybersecurity program that supports both current and future architectural solutions, enabling rather than hindering business.
Conclusion
Asset owners using this solution architecture in the Industry 4.0 era are leading, outperforming competitors, and are likely more secure due to higher digital fluency among their users embracing technology.
This new innovative approach and architecture demands intelligent network designs, advanced cyber-physical security, visibility, data and identity-centric security solutions. More on the security aspects in a future part.
All these innovative approaches triggers many other industry and OT Debates e.g.:
Purdue Model - Dead or Alive?
Using wrong approach to segmentation (using Purdue levels - creates risks)
Which reference architecture to use? if any.
Protocol wars - MQTT vs. OPC - which wins IIOT battle.
Lack of OT/ICS specific guidance for Cloud environments.
Data Governance, Ownership,
and many more.
More on some of these in future newsletter.
I’d love to know what have you seen works for:
your Industrial environment → if working as an asset owner.
your Industrial customers → If you are consultant / vendor / solutions provider.
If you’d like to learn more on this head to: IT-OT CySEAT Training & join the wait-list soon, before its too late.
Few interesting reads
Here are some interesting reads of the week:
25 Years, of Asking the Same Question - Why don't we see more OT cyber incidents? - Dale Peterson, in his latest article tackle this question.
Process Controllers Under Attack: Real-Time Performance and Cyber-Physical Risks - Sinclair Koelemij addresses a lack of understanding about DCS in security discussions. The distinction between DCS and SCADA—two entirely different systems with very different vulnerabilities.
OT & IT Cybersecurity Conferences & Summits
Here is a list of upcoming IT & OT/ICS security conferences scheduled for 2025:
North America (NA)
S4x25
Date: February 11-13, 2025
Location: Miami, Florida, USA
Overview: An international gathering for advanced OT security professionals to explore innovative ideas and strategies over 3 days.
RVAsec 2025
Date: June 3, 2025
Location: Richmond, Virginia, USA
Overview: A security conference focusing on various cybersecurity topics.
SANS ICS Security Summit
Dragos Industrial Security Conference (DISC)
ICS/SCADA Cybersecurity Symposium
Date: June 3-4, 2025
Location: Chicago, USA
Focus: Real-world preparation for critical infrastructure operators against cyber threats. 3
IoT / OT Security Conference 2025
Date: May 20, 2025
Location: Lorzensaal, Cham, Switzerland
Focus: Merging IT and OT infrastructure while protecting against cyber threats.
World Congress on Industrial Control Systems Security (WCICSS-2025)
Date: TBD in 2025
Location: Not specified
Focus: Advancements in Industrial Controls Security and SCADA.
Industrial Control Systems (ICS) Cybersecurity Conference
Date: TBD in 2025
Location: Atlanta, USA
Focus: Discussions on cyber incidents affecting ICS users and vendors.
Date: June, 11-12, 2025
Location: Calgary, Canada
Focus: Third edition of the Cyber Security for Critical Assets Canada summit.
Asia-Pacific (APAC)
CS4CA APAC Cyber Security Summit
Date: April 16-17, 2025
Location: Singapore
Overview: This summit focuses on OT/ICS security and brings together leaders from critical infrastructure sectors.
APAC Cyber Summit in Singapore, is for all IT Security leaders representing any industries across the APAC region.
CS4CA ANZ Summit
Date: February 11-12, 2025
Location: Perth, Australia
Overview: The first edition dedicated to Australia and New Zealand within the CS4CA series.
Europe (EU)
ManuSec Europe
Date: Feb 25-26, 2025
Location: Munich, Germany
Overview: ManuSec Europe Celebrates its 8th Edition on emerging cyberthreats for the manufacturing sector.
ISA OT Cybersecurity Summit
Date: June 17-19, 2025
Location: Brussels, Belgium
Overview: Strategic OT Cybersafety with ISA/IEC 62443 Intelligent Innovation for a Secure World.
Pulse Conferences: Cyber 100 Conference
Date: June 3, 2025
Location: London, United Kingdom
Overview: A conference addressing various cybersecurity issues across sectors.
Gartner Security & Risk Management Summit
Date: June 22-27, 2025
Location: Copenhagen, Denmark
Overview: A key event for security and risk leaders to discuss strategic necessities.
Cyber Security for Industrial Control Systems Conference
Date: TBD in 2025
Location: UK (specific venue not mentioned)
Focus: Identifying and mitigating cybersecurity challenges in industrial control systems. 4
Middle East (ME)
Saudi Global CISO Summit
Date: April, 27-28, 2025
Location: London, Saudi Arabia.
Overview: brings together leading cybersecurity professionals, thought leaders, and industry experts from around the world in Saudi Arabia.
Africa
Africa CISO Summit
Date: March 19 — 20, 2025
Location: Nairobi, Kenya
Overview: designed to address the pressing challenges faced by the region while highlighting the opportunities presented by emerging technologies and investment trends.
This compilation provides a range of conferences focusing on IT and OT security across different regions in 2025, providing opportunities for networking and knowledge exchange among professionals in the field.
My Recent Most Viewed Social Posts:
In case you’ve missed - here are some of my recent most viewed social posts.
OT Security Visibility Solutions & Metrics -✅Lessons learned consulting on top OT Security Solutions, KPIs/ODMs, & more🚀.
Tip to remember ISA/IEC 62443 Standards Group & Overview Part 2.
This is it - Good Bye. Happy New Year! Recap on 2024 and the Future of Securing Things in 2025.
Cybersecurity (IT, OT/ICS, AI, Open source) Insights from Q4 2024.
What the heck is ITDR - A crash course on Identity Threat Detection & Response.
IT & OT/ICS Cybersecurity Policy(/ies) - Deciding on the Policy Route for your industrial environments.
Securing Things Academy:
IT & OT CySEAT (Cyber Security Education And Transformation) course is designed for IT and OT cybersecurity practitioners. Join the wait-list → here.
Checkout a brief overview below:
Ways in which I can help?
Whenever you are ready - I can help you with:
A - IT & OT Cybersecurity Advisory / Consulting services - for securing your business and or its digital transformation journey.
B - Security Awareness Training & Phishing Awareness Portal - Train your staff and build a Security awareness program subscription based service.
C - Securing Things Academy (STA) - Security trainings for IT & OT practitioners.
Visit the newsletter website for Links to above services and or reach out at info[at]securingthings[dot]com or DM me via LinkedIn.
D - Securing Things Newsletter - Sponsor this newsletter to showcase your brand globally, or subscribe to simply Get Smarter at Securing Things.
Reach out at newsletter[at]securingthings[dot]com or DM me via LinkedIn.
✉️ Wrapping Up - How are we doing?
I invite you as part of #SecuringThings community to share your feedback.
Rate the newsletter content
Your feedback and input is invaluable to me as we work together to strengthen our cybersecurity defenses and create a safer and smarter digital society.
Let us know how we can improve this and or what you’d like to see in future?
Thank you for your trust and continued support.
Do register, validate your email, and request login link to submit poll to be able to enter a chance to win a future course giveaway.
Thanks for reading - until the next edition!
It’s a Great Day to Start Securing Things for a Smart & Safer Society.
Take care and Best Regards,
M. Yousuf Faisal. (Advice | Consult Cyber & business leaders in their journey on Securing Things (IT, OT/ICS, IIOT, digital transformation, Industry 4.0, & AI) & share everything I learn on this Newsletter | and upcoming Academy).
