
Making the Switch: How to Build an OT Cyber Program Around the Five Critical Controls

Making the Switch: How to Build an OT Cyber Program Around the Five Critical Controls (PDF, 3.42MB)
Last updated: 09 Jun, 2026
Presented by:
Christopher Cotter

Based on my experience supporting and later leading an OT cybersecurity program, this talk explores the evolution from a NIST Cybersecurity Framework–aligned strategy to a more operations-driven approach built on the SANS Five Critical Controls for OT Cybersecurity. This session will discuss why high-level frameworks can fall short in regulated industrial environments and how the Five Critical Controls can be applied as an adaptive methodology rather than a prescriptive checklist. Attendees will learn how to justify this approach to regulators, identify practical activities within each control, develop executive-level KPIs and KRIs, and build stakeholder alignment across engineering, operations, and compliance. The session is designed to help organizations confidently get started with the Five Critical Controls while establishing credible, flexible benchmarks for regulated environments.

SANS ICS Security Summit 2026