CyOTE provides a methodology for energy sector asset owner-operators to combine network-based sensor data with local context to recognize faint signals of malicious cyber activity before an adversary can cause higher-impact effects. This session covers the history of CyOTE to explain how the key insights came about, and then walks through the methodology as a way to put those insights into practice, showing how it complements other high-priority investments and activities in energy sector OT cybersecurity.
We’ll dive more deeply into the science of human performance underlying this methodology than into the threat and cybersecurity details, noting that this work is focused more at the organizational level than the individual. The goal is to help us all understand how we may be able to replicate the benefits of human performance that the real-time system operator community and the protection and controls community have embraced, and bring those benefits into the operational technology cybersecurity community!