BSides London 2025

Why Bother? Regulating Operational Technology Beyond Critical National Infrastructure
2025-12-13, Clappy Monkey Track

Explains why Operational Technology (OT) beyond Critical National Infrastructure (CNI) needs more regulatory attention. Highlights differences between CNI and non-CNI OT and the risks in under-regulated systems. Aims to raise awareness of security gaps impacting public safety and industry.


This talk explores the current regulatory landscape for Operational Technology (OT) in the UK, focusing on often-overlooked environments outside Critical National Infrastructure (CNI). While the PSTI regime, effective from April 2024, improves cybersecurity requirements for consumer IoT devices, many non-CNI OT systems still lack comprehensive oversight. OT encompasses a range of industrial and infrastructure technology that directly monitors and controls physical processes, with some overlap with IoT devices such as smart locks. I will discuss the key distinctions between CNI and non-CNI OT, examine the limitations of current UK product security laws, and discuss the need for expanded regulation to mitigate risks to public safety and critical operations.

Final year Computer Science student with a recent interest in Operational Technology (OT) cybersecurity. I have long attended many BSides events, including BSides London, and while my knowledge of OT is still developing, I hope to give back to the community by sharing my perspective.