The article argues that the real cybersecurity problem in critical infrastructure is not simply the familiar issue of IT/OT convergence, but a deeper divide between engineering and network security cultures. Joe Weiss explains that network security teams usually focus on Ethernet networks, routers, firewalls, switches, and data protection, while engineers are concerned with physical equipment and processes such as pumps, valves, turbines, transformers, sensors, and the laws of physics that govern them. Because of this difference, failures in network security are often understood as data incidents, whereas failures in control systems can produce physical consequences that do not necessarily resemble conventional cyber events. Weiss presents this mismatch as a structural problem rather than a minor communication issue.

He further contends that the divide begins in education and then hardens in industry. Computer science programs often do not expose students to engineering, while engineering curricula frequently omit cybersecurity, leaving both sides poorly equipped to understand the other. According to the piece, this gap affects sectors such as electric power, water, oil and gas, pipelines, manufacturing, and transportation, and is reinforced by the limited overlap in professional communities and conferences. The article also serves as a preview of a Grid Podcast discussion featuring Weiss and Darrell Eilts, CIO of the Sewage and Water Board of New Orleans, as well as their forthcoming IEEE Computer paper, both of which will examine why these two groups struggle to work together. The central conclusion is direct: infrastructure cannot be truly cybersecure when engineering and network security remain culturally separated.

‍

Source: https://www.controlglobal.com/blogs/unfettered/blog/55367315/how-to-close-the-cultural-gap-between-engineering-and-network-security