Debbie Lay, Principal Sales Engineer at TXOne Networks, talks with Anna Ribeiro at Industrial Cyber to gain insights into key issues affecting industrial cybersecurity in 2025. Read the full article on Industrial Cyber.
Ribeiro:
How are industrial organizations redefining cyber resilience to ensure business continuity amid increasing cyberattacks, and how can they balance proactive cybersecurity investments with rising cyber insurance costs?
Lay:
Organizations are acting to ensure business continuity, even if that action today is only putting it on the radar. Some are focused on where to start. Others are discovering the challenges of implementing traditional security solutions that do not ensure continuity. OT and IT have made strides in working together, and OT now has specific guidance and regulations for protecting critical assets. Both are positive things given the rise in cyberattacks.
The ease of leveraging existing IT cybersecurity investments in OT might be appealing. Drawing on existing knowledge and playbooks can make it look like, “We got this,” but it often creates more challenges than it solves. Cybersecurity professionals should take the extra time to identify OT-specific, proactive alternatives prior to wedging IT security solutions into OT environments.
Ribeiro:
In what ways is AI transforming threat detection and response in ICS and OT environments, and what measures are being adopted to ensure these AI-powered tools do not introduce new vulnerabilities?
Lay:
Among the many possibilities, we embrace AI in OT security to integrate environment-specific operational context into intelligence frameworks. This approach enhances the ability to uncover unknown risks and counter the growing wave of targeted attacks. By leveraging operational context, AI-assisted security actions can dramatically reduce false alarms—one of the key reasons that traditional IT security solutions often fall short in OT.
Ribeiro:
How has the convergence of IT and OT expanded the industrial attack surface, and which emerging threats (e.g., ransomware, supply chain attacks) are most concerning for industrial cybersecurity in 2025?
Lay:
Convergence was driven by business needs, but it lacked the in-depth knowledge of the unique OT environment. Most organizations simply installed a firewall between their enterprise network or configured a VLAN for OT. Firewalls have become a common target themselves due to the configuration and maintenance complexities, so adding firewalls alone is not sufficient to defend the operation.
Certainly, ransomware continues to impact OT environments. To combat this and other emerging threats, the OT side needs to segment flat networks. Even if it is segmented, the mission-critical processes need to be protected differently. (All OT VLANs are probably not the same from a criticality standpoint.) Then the OT-to-IT convergent point needs to be re-assessed, including adding an OT-specific firewall of a different vendor so that no asset from the enterprise can talk to OT and vice versa without going through two firewalls of different vendors.
Ribeiro:
What mechanisms are industrial organizations implementing to mitigate third-party risks in an interconnected supply chain, and how are manufacturers and suppliers collaborating to embed ‘secure by design’ principles into industrial equipment and systems?
Lay:
While I believe and support the “secure-by-design” approach, it will take years to achieve. Today’s OT assets will become legacy systems 20-30 years from now and will have the same vulnerabilities then. Regardless, as cybersecurity professionals, we own it. We must protect our companies’ assets and reputations, and we must control and mitigate what comes into our organizations by adopting cybersecurity-aware processes throughout the interconnected supply chain.
An example of this collaboration is SEMI 187, which brings OEMs and device manufacturers together in a neutral environment to explore solutions for the various cybersecurity challenges they face.
Ribeiro:
What strategies are most effective for recruiting and retaining skilled OT cybersecurity professionals, and how are evolving regulations (e.g., NIS2, CISA guidelines) shaping industrial cybersecurity practices while challenging organizations to maintain continuous compliance?
Lay:
Regulations emphasize stricter incident reporting, risk management, supply-chain security and accountability. Cybersecurity professionals typically focus on the technical aspects, but priorities need to change if focusing on continuous compliance.
When recruiting talent, look for attention to detail, good communication skills, integrity and—most of all—adaptability. Staying current with evolving regulations and industry changes requires a commitment to continuous learning and self-motivation.
Learn more from Debbie Lay in the upcoming webinar panel with Industrial Cyber on April 16th, The State of Industrial Cyber Security 2025.
Debbie Lay, Principal Sales Engineer at TXOne Networks.
Debbie Lay is a Principal Sales Engineer at TXOne Networks, a global leader in OT/ICS security. With her vast experience as a network security engineer for organizations in various industries, Debbie is focused on all aspects of solution design, deployment, and implementation of cybersecurity strategies for operational efficiency and secure processing. Debbie has over 25 years of security experience representing security companies from firewalls/vpn, Data Governance Solutions and Endpoint Security companies.
