A cultural chasm: Bridging the gap between engineering and network security

Without effective collaboration between engineering and network security, gaps in cybersecurity will persist
March 30, 2026
2 min read
Holding mug, woman wearing gray chunky sweater sitting at home desk, with mic and padlock overlay.

On Apr. 1, 2026, Dr. Darrell Eilts, Chief Information Officer (CIO) of the Sewage and Water Board of New Orleans, and I will be guests on the Grid Podcast. This discussion will not focus on IT/OT convergence. Instead, we will address a more fundamental issue: the need for true collaboration between engineering and network security.

IT/OT convergence is often defined as collaboration between IT and OT network personnel focused on Ethernet networks, firewalls, routers, switches and data. Network security assumes if the networks are secured, the systems are secured. Engineering, however, is fundamentally different. It is about pumps, valves, turbines, transformers, process sensors and the physics that govern their operation. Network impacts are data failures whereas control system impacts (whether unintentional or malicious) result in physical impacts that may not look like data cyber incidents.

As a result, engineering/network security collaboration is not simply an extension of IT/OT convergence – it is a clash of cultures. There are many reasons for this gap. It often begins in academia. Most university computer science programs do not require even an introductory course in engineering, and most engineering programs do not require coursework in cybersecurity.

Get your subscription to Control's tri-weekly newsletter.

This cultural divide carries into industry. The cultural gap affects sectors including electric power, water, oil and gas, pipelines, manufacturing and transportation. It is reflected in professional engagement as well as relatively few engineers attend cybersecurity conferences, and relatively few cybersecurity professionals attend engineering conferences.

On the podcast, Darrell and I will discuss issues we identified in our upcoming paper, “Packets and Process: What Network Security and Engineering Get Wrong About Each Other,” to be published in the June 2026 issue of IEEE Computer magazine. Darrell will outline why network security professionals often struggle to engage with engineering, while I will address why engineers are often reluctant to work with network security.

The bottom line is straightforward: no infrastructure can be truly cybersecure when the culture is broken. Without effective collaboration between engineering and network security, gaps will persist.

The podcast can be found here, and the tape will be available on YouTube. We hope you will join us and bring your questions to the discussion.

About the Author

Email

Joe Weiss

Cybersecurity Contributor

Joe Weiss P.E., CISM, is managing partner of Applied Control Solutions, LLC, in Cupertino, CA. Formerly of KEMA and EPRI, Joe is an international authority on cybersecurity. You can contact him at [email protected]

Sign up for our eNewsletters
Get the latest news and updates

Related

Economic value of better control
Centrifugal pump control: Implications of high-static head/system pressure in VFD applications