Webinar: Bridging IT–OT Gaps: OT-Led Data Transformation in Action

Register Now
Get In Touch
Get In Touch

Why Operational Stability Creates Dangerous Blind Spots in OT Cyber Security

For many OT and critical infrastructure leaders, the clearest signal that systems are secure is that operations continue running without interruption. Production is steady. Operators see no warnings. Control systems behave as expected. Nothing unusual appears in the daily workflow. When everything looks stable, it becomes easy to believe everything is safe.

This assumption is widespread. It feels true. It feels logical. And it creates one of the most dangerous blind spots in OT Cyber Security.

Stability is not the same as security. In fact, stability often hides the very issues that attackers count on.

The Illusion Created by Smooth Operations

Operational technology environments are built for reliability. Redundancy, physical safety systems, deterministic communication, and engineered fail-safes are all designed to keep processes stable. That is exactly why production can continue even when Cyber Security weaknesses sit quietly behind the scenes.

A plant may run without any signs of trouble even when:

  • remote access pathways are outdated,
  • shared or unmanaged credentials still exist,
  • legacy systems are connected to modern networks through undocumented methods,
  • vendor connections bypass normal identity controls,
  • network segmentation looks clean on paper but not in reality.


In most industrial settings, operations go on without interruption because OT systems are engineered to do exactly that. But this is also what creates the illusion of safety. The absence of visible issues is not evidence of strong Cyber Security. It is simply the normal behaviour of a system designed to run safely even when the environment around it slowly changes.

Leaders often inherit OT systems that have evolved quietly over decades. Small configuration decisions made years ago, temporary vendor access that became permanent, engineering changes that were never documented, or legacy network segments that no one revisits can all create unseen weaknesses. Everything works. Nothing breaks. Risk grows quietly in the background.

By the time a Cyber Security issue becomes visible in an OT environment, it is often already serious.

Why Tools Can Drive False Confidence

Many organizations rely heavily on tools for reassurance. Firewalls, endpoint agents, network monitoring platforms, and SIEM systems create the impression of protection. Dashboards show green. Alerts are silent. Everything appears to be under control.

Tools are essential, but they cannot compensate for a lack of visibility or inconsistent governance.

A tool cannot detect an unauthorized remote access session if identity records are incomplete.

A tool cannot properly monitor a segment that the organization did not know existed.

A tool cannot enforce policies when processes do not align with documented practices.

A tool cannot discover misconfigurations hidden behind vendor-managed systems.

In this environment, tools can unintentionally reinforce the illusion that everything is secure. They highlight what they know, not what is unknown. The blind spots persist.

How Hidden Vulnerabilities Become Real Incidents

Many real-world incidents demonstrate how stability masks underlying Cyber Security risk. Attacks against critical infrastructure rarely begin with sophisticated techniques. They begin with the everyday weaknesses organizations overlook.

Consider Colonial Pipeline. A single compromised account created a regional fuel shortage. The intrusion did not originally target OT systems, but operational stability became impossible to guarantee once the attack was discovered. Leaders shut the system down because they could not trust the environment.

Consider Norsk Hydro. A global ransomware incident forced facilities into manual mode because interconnected systems could no longer rely on each other. Manual operation kept production alive, but the operational disruption and recovery costs were enormous.

Consider the Oldsmar water treatment incident. Attackers used shared credentials and outdated remote access to attempt chemical adjustments. Operators noticed the change manually. The system itself did not reveal a problem until the moment a human caught it.

Even in Canada, incidents involving energy and transportation companies show how quickly Cyber Security issues create operational, financial, and reputational consequences. These environments appeared stable right up until they were not.

Each of these incidents started with a small weakness. Each weakness hid quietly. Each organization believed they were secure because operations continued normally. Stability made everyone comfortable. Comfort masked risk.

The Pattern Behind Every OT Cyber Security Blind Spot

After working across multiple industrial sectors, the pattern is clear. Blind spots grow when organizations rely on any combination of the following assumptions:

1. “If something was wrong, we would see it.”

OT systems do not reveal Cyber Security weaknesses through functional disruption.

2. “Our environment has not changed much.”

It has. Even small configuration changes accumulate over time.

3. “We rely on experienced people who know how everything works.”

People change roles, retire, or leave. Tribal knowledge cannot be a security control.

4. “We passed previous compliance checks, so we are fine.”

Past compliance is not evidence of present resilience.

5. “Our tools would tell us if something was off.”

Tools detect what they can see. They cannot detect what is undocumented or poorly governed.

None of these assumptions holds up under modern threat conditions. Attackers take advantage of exactly these gaps because they know OT environments hide risk behind operational stability.

The First Step Is Acknowledging the Illusion

Leaders who acknowledge that stability creates blind spots gain an immediate advantage. They no longer assume that silent systems equal secure systems. They understand that visibility cannot be taken for granted. They recognize that assessments are not audits but sources of operational truth.

This mindset shift is the starting point for meaningful Cyber Security maturity. It leads to deeper questions:

  • Do we actually know every asset connected to our environment?
  • Can we produce evidence for every control we believe is in place?
  • Are identity and access practices consistent or based on habit?
  • How many remote access pathways exist that no one reviews?
  • Are we confident our diagrams reflect reality, or just the past?


When leaders stop assuming and start validating, blind spots disappear.

From Illusion to Clarity: What Leaders Can Do Immediately

Visibility is the antidote to the illusion of security. Leaders can begin strengthening that visibility by:

  • Reviewing remote access pathways
  • Validating identity governance
  • Confirming asset inventories
  • Examining compliance evidence rather than compliance language
  • Checking segmentation against real traffic
  • Reassessing any system that has not been reviewed in more than a year


Even small validation exercises reveal insights. These insights often point to broader patterns that maturity, compliance readiness, or risk assessments can fully clarify.

Why This Matters for Canadian Critical Infrastructure

Energy, utilities, mining, transportation, and water systems form Canada’s national resilience. Each relies on OT systems that must operate safely, consistently, and securely. When leaders rely on old assumptions, they unintentionally place essential services at risk.

Cyber Security in critical infrastructure is not just an organizational responsibility. It is a national one. Recognizing blind spots is the first step toward protecting the systems communities depend on every day.

A Logical Next Step: Go Deeper

If this perspective resonates, the next step is understanding how to uncover these blind spots across posture, compliance readiness, and operational risk.

The full eBook, The Pathway to OT Cyber Resilience, provides a deeper look at:

  • The illusion of security
  • The compliance readiness gap
  • The difference between posture, readiness, and risk assessments
  • Real incidents that shape OT Cyber Security today
  • How leaders build actionable roadmaps


It is the next logical step toward strengthening Cyber Security posture in complex OT environments.

Andrew Capper

Vice President of Industrial Digital Transformation

Linkedin Envelope
Read Bio

Andrew Capper is Vice President of Industrial Digital Transformation at Dexcent, helping industrial organizations improve data-driven decision-making by optimizing the data journey, reuniting siloed information, and delivering a trustworthy version of the truth.

With more than 25 years of experience, he is known as a results-driven leader who delivers on commitments and tackles complex information management challenges with a practical, human-centric approach. His work spans digital transformation strategy and roadmaps, governance, digital maturity assessments, and performance measurement through clear KPIs and metrics. Andrew is a NAIT graduate with training in Instrumentation Engineering Technology and Security Systems, and he brings a strong focus on safer, more effective operations from data producers through to data consumers

Nader Asgharinia

MP, P.Eng.

Vice President of Enterprise SCADA & Advanced Applications.

Linkedin Envelope
Read Bio

Nader Asgharinia, PMP, P.Eng., is Vice President of Enterprise SCADA & Advanced Applications at Dexcent, leading the delivery of complex, mission-critical solutions with a clear focus on client experience and operational excellence. With more than 30 years in business execution and over 25 years managing multi-million-dollar programs for mission-critical and SCADA systems, he brings a pragmatic, delivery-at-scale approach to every engagement. Nader is recognized for building high-performing teams, driving disciplined portfolio execution, and delivering measurable business outcomes, including significant growth in program portfolios and team capacity over time. He holds a B.Sc.(Hons.) in Electrical and Electronics Engineering from the University of Newcastle-Upon-Type in the UK, a B.Sc. in Computer Science from the University of Calgary, completed Georgetown University’s Director’s Program, is a Professional Engineer in Alberta, and a Project Management Professional.

Gerrit Nel

CISSP, CISM – Vice President of OT Infrastructure and Cyber Security Services

Linkedin Envelope
Read Bio

Tobias (Gerrit) Nel, CISSP, CISM, is Vice President of OT Infrastructure and Cyber Security Services at Dexcent, leading the development and delivery of practical services and solutions that integrate, complement, or replace OT infrastructure and protect OT assets from cyber threats. He is known for building resilient security frameworks, governance processes, and integrated solutions that reduce risk and support compliance across diverse industries. Gerrit has over 40 years of relevant IT/OT experience and has built and delivered highly skilled and high-performance delivery teams. His strengths include Cyber Security roadmaps, security architecture, incident response, and alignment to standards such as IEC 62443, NIST, and NERC CIP. Furthermore, he has deep foundational technical experience in Networking and OT infrastructure systems architectures that he leverages in building and leading successful delivery teams. Gerrit holds a B.Sc. in Computer Science from the University of Johannesburg and brings deep cross-sector experience supporting clients in oil and gas, mining, chemical, healthcare, financial, and government environments.

Jaydeep Deshpande

P.Eng. – President

Linkedin Envelope
Read Bio

Jaydeep Deshpande, P.Eng., is a seasoned and decisive executive with over 25 years of experience driving operational excellence, profitability, and market growth in national and multinational organizations. As President, he is recognized for his strategic leadership, disciplined execution, and ability to lead organizations through change. Jaydeep is passionate about developing people, building strong leadership teams, and fostering a positive, performance-driven culture. His expertise spans strategic planning, business diversification, financial management, and organizational transformation, with a consistent focus on delivering growth-oriented, profitable results. He holds a Bachelor of Chemical Engineering from the University of Alberta, is a Prosci Certified Change Practitioner and Project Management Professional (PMP), and has completed the CMA Accelerated Accounting Program, bringing deep financial and strategic insight to executive decision-making.

Karim Amarshi

Chairman of the Board

Linkedin Envelope
Read Bio

Karim Amarshi is Chair of Dexcent’s Board of Directors, providing governance leadership and strategic oversight to support the company’s long-term strategy and executive team. With nearly 40 years as an entrepreneur and owner-operator, he is recognized for building high-performance organizations and forging strategic alliances across Information Technology, government, health care, education, and energy. He is the former co-owner and Chief Executive Officer of one of Canada’s leading enterprise Information Technology solution providers, where he led the organization through three successful mergers and helped scale long-term client and vendor partnerships. Karim remains active across a diverse business portfolio, serving as a founding principal, officer, and advisor to organizations spanning Information Technology, hospitality, manufacturing, retail, and real estate in Canada and internationally.

Yasmin Jivraj

FCIPS, I.S.P. | Board Member

Linkedin Envelope
Read Bio

Yasmin Jivraj, FCIPS, I.S.P., is a Board Member at Dexcent, providing executive guidance and strategic oversight to support corporate management and long-term business direction. Over a 35-year career, she has held senior leadership roles across private, public, and non-profit organizations, with a track record of building operating foundations and driving profitable growth. Following a 15-year tenure as a co-owner and President of one of Canada’s leading strategic Information Technology solution providers, she expanded her governance leadership through active board service in post-secondary education and community-focused organizations. She is recognized for decisive, purpose-led leadership, clear communication, and deep expertise in technology, business models, and methodologies that help enterprise organizations advance digital transformation.

Nadir Jivraj

CEO, Board Member

Linkedin Envelope
Read Bio

As Chief Executive Officer, Nadir is accountable for providing overall leadership and Dexcent’s Industrial operational performance. Nadir has been involved as an executive sponsor with Oil & Gas and Mining companies for over 35 years, and through the years has developed a strong working relationship with the Executive leadership team of many Fortune 500 companies.

Nadir is known for recognizing value and superior investment opportunities in the technology services sector. His pursuit of highly prospective technology companies around the world has resulted in numerous company start-ups. Prior to starting Dexcent, Nadir had led companies through highly profitable business transactions, including the merger of Atlas Systems Group with CompCanada (later renamed Acrodex) in 2000 and later as Chairman of the Board of Axcend Pvt – an engineering solutions provider – based in Bangalore, India from 2004 – 2014. Acrodex and Axcend were sold in 2015