May 24, 2026

Solving The “What Is The Threat To OT Systems” Problem

In brief

The article argues that the OT security community has a serious measurement problem: annual reports often suggest cyber threats to operational technology are surging, yet the number of incidents that actually produce meaningful physical consequences remains extremely small. Dale Peterson says both observations can still be true at once. In his view, experienced practitioners know that an attacker who gains real access inside an OT environment could cause medium to catastrophic harm in many operations, especially as attack tools and reconnaissance continue to improve. The problem is that current discussion swings between hype and complacency because there is no good shared way to measure the space between trivial incidents and truly catastrophic ones. To fix that, Peterson proposes adapting the API Recommended Practice 754 process-safety model into a four-tier framework for OT cyber incidents, so that cyber events can be classified not only by what happened, but by how close they came to causing serious physical consequences.

His main emphasis is on the importance of identifying and reporting Tier 2 incidents — cases where an attacker may not have caused major harm, but could plausibly have done so with the necessary skill and intent. Peterson argues that most media-covered OT stories are really Tier 3 events, while Tier 1 incidents with undeniable consequences are hard to hide. That leaves Tier 2 as the missing category needed to understand the true level of danger. He calls on major OT monitoring and incident-response vendors such as Armis, Claroty, Dragos, Nozomi, and others to publish aggregated data on Tier 1 and Tier 2 cases, even if the sample is incomplete. To show why this requires engineering judgment, he uses the Oldsmar water case as an example, explaining that whether an incident is near-catastrophic depends on practical factors such as PLC logic, run mode, pump capacity, chemical volume, independent shutdown mechanisms, and human testing. His broader point is that OT threat assessment cannot be done credibly through cyber vocabulary alone; it must be grounded in process reality, physical constraints, and plant-specific safeguards.

Source: https://dale-peterson.com/2026/04/28/solving-the-what-is-the-threat-to-ot-systems-problem/
