July 14-16, 2025 | Minneapolis, MN

Enhancing Cybersecurity in Operational Technology: Strategic Sensor Placement for Threat Detection

July 15, 2025
Lakeshore A
Cybersecurity

The growing complexity of energy sector operations and infrastructure demands robust cybersecurity measures, particularly in monitoring and detecting malicious activities that could compromise operational technology (OT) environments. Effective cybersecurity strategies must move beyond general monitoring to focus on precisely positioned sensors that enhance visibility into OT network traffic and detect indicators of potential attacks.

This presentation from Idaho National Laboratory shares insights gained from working with electric power asset owners to develop strategies for deploying OT network traffic sensors in ways that maximize their effectiveness. Asset owners and operators (AOOs) continuously monitor real-time operational data, such as power flows and equipment status, but this data alone is often insufficient for identifying cyber threats. Properly specified and positioned sensors can bridge this gap, providing critical insights into device behaviors and network anomalies—key elements in identifying and mitigating attacks before they cause significant harm.

Traditionally, sensor placement is aligned with network topology, prioritizing the collection of large volumes of data. However, many organizations fail to consider which potential cyberattacks could have the most severe consequences and what precursor events might signal an impending breach. Drawing from Cyber-Informed Engineering (CIE) principles, this paper introduces a methodology that aligns sensor capabilities and placement with the high-priority events they need to detect, optimizing anomaly detection for environments such as substations, control centers, and OT demilitarized zones (DMZs).

Key topics addressed include:

  • Methodology for Selecting Sensor Locations – Leveraging knowledge of operational processes, critical assets, and communication interdependencies to improve visibility and threat detection.
  • Overcoming OT Traffic Monitoring Challenges – Addressing limitations in current OT monitoring capabilities and implementing a structured approach for effective sensor deployment.
  • Developing a Comprehensive Visibility Strategy – Enhancing situational awareness by integrating diverse data sources to inform cybersecurity decisions and preemptively mitigate threats.

By implementing strategic sensor placement and disciplined monitoring, AOOs can make informed cybersecurity decisions, proactively defend against cyber threats, and ensure the security and resilience of their operations in an evolving technology and threat landscape.

Speakers
Jeremy Jones, Critical Infrastructure Analyst - Idaho National Laboratory