The first problem is that OT is a distinct class of networks that in some cases have evolved over decades. There is no standard OT network, and the danger is that this leads managers to see their network as a special case.
The second issue is how OT networks are connected, or not, to the networks running the office’s IT systems. This includes people using OT. OT is highly specialized and the teams that maintain these networks are often separate or physically distant from the core IT team.
OT networks themselves are often deliberately isolated from other IT systems, but not always completely so. One difference the guidelines note is that the data operators OT must protect is very different from other networks. In OT, sensitive data is anything that gives attackers special information about its operation, for example voltage or pressure levels, or the location of special controls.
Source link