Here is something you might not have expected: We have all our cybersecurity students take an energy systems hands-on lab where they spend a session learning to bend metal conduit. We actually have a nice little conduit bending station. Students get to try making several different bends. It is not necessarily an easy thing to do!
Cybersecurity students have some times wondered — especially in the heat of the moment — “Why am I learning to bend metal conduit? This is not what I ever intend to do as a professional!”
I tell them, “I don’t think you will ever bend conduit. But you will never look at a facility — and especially the conduit — the way same again. That’s what makes us different from ‘traditional’ cybersecurity programs.”
To me, a fundamental part of bridging the IT-OT gap is appreciating another perspective — learning to value the training, competencies and objectives of someone else; and, maybe even to revere differently competent technical professionals as artists in their own right!
The conduit bending exercise also gets the students thinking about the cables — not just power, but communications. Near the end of the program, in our Critical Infrastructure Defense class, we discuss attack vectors — who, when, and where could a structured threat actor strike? The point of the cables comes back up — and when re-enforced with examples of tapping tools — the security implications of every inch of cable suddenly make a lot more sense!