IEEE Communication Society Techblog: Why the differences between network and control systems cybersecurity matter

IEEE is a participating organization for the May 5–7 Sensors Converge conference, where I will be speaking on the critical need for process sensor cybersecurity. In preparation for this presentation, I discussed the current state of control system cybersecurity with Alan J. Weissberger of the IEEE Communications Society (ComSoc) Techblog.

Our conversation focused on the persistent culture gap between IT/OT network cybersecurity and engineering disciplines – a gap that continues to prevent critical infrastructures from being properly secured. As a result, we collaborated on an IEEE ComSoc Techblog post titled “Key Differences Between Network Cybersecurity and Control System Cybersecurity & Why It Matters,” published May 1, 2026.

While IT and OT network security are essential, securing control systems presents fundamentally different challenges. Engineering devices, particularly field and process sensor equipment, typically lack built-in cybersecurity features such as authentication, logging and cyber forensics, and are not supported by process sensor cybersecurity-trained personnel. Consequently, traditional network-centric approaches are insufficient for ensuring safe and reliable operations.

The Techblog post emphasizes that the culture gap is not simply the commonly discussed IT/OT convergence issue. Rather, it stems from a lack of understanding within network cybersecurity communities of the requirements for securing control systems against both malicious and unintentional electronic communication issues, including, but not limited to, Ethernet-based threats.

This gap is reflected in recent Cybersecurity and Infrastructure Security Agency (CISA) advisories, such as “Barriers to Secure OT Communication: Why Johnny Can’t Authenticate” and “Adapting Zero Trust Principles to Operational Technology,” where many control system field devices are unable to meet the CISA-recommended cybersecurity practices.

Get your subscription to Control's tri-weekly newsletter.

The Techblog post also expands on themes discussed in a YouTube podcast on the network security- engineering divide, with Darrell Eilts of the Sewage and Water Board of New Orleans.

We further examined physics-based attacks and process sensor vulnerabilities that remain largely unaddressed by network cybersecurity organizations. We concluded that industry and government stakeholders must converge on a harmonized definition of cyber incidents that integrates both network-centric and control system–centric perspectives. Achieving this will require cross-domain training so that cybersecurity practitioners and engineering teams understand control system architectures, threat models and failure modes down to the process sensor level. Only then can critical infrastructures be effectively and securely protected.