SOC Integration for OT/ICS: What Really Works in 2026

Description:

OT and ICS environments are more interconnected today than ever before, yet increasingly difficult to integrate into traditional SOC structures. Many organizations struggle with lack of transparency, incompatible protocols, insufficient detection depth, or the gap between IT and OT teams.

This presentation demonstrates what actually works in 2026, based on real-world projects in industry, aviation, critical infrastructure, and defense tech.

Presentation Topics:

• Which OT/ICS data can be meaningfully integrated into a SOC and which cannot

• Practical detection engineering approaches for ICS networks

• Architecture models for OT SOC integration

• Handling legacy systems, proprietary protocols, and limited logging capabilities

• Playbooks and incident flows that OT teams actually accept

• Governance and compliance aspects (IEC 62443)

• Lessons learned from real OT SOC integration projects

This presentation is aimed at SOC managers, OT security officers, detection engineers, and technical decision-makers who need to operationally implement OT security.