Inside S4x26, where hands-on testing, debate, and proof-of-concept demonstrations set new standard for OT security
Publish Date: 2026-01-25 01:41:00
Source Domain: industrialcyber.co
Using an unordered list, summarize the following article with between 4 and 8 key points.
As the industrial cybersecurity community prepares for the upcoming S4x26 conference, running from Feb. 23 to Feb. 26, the event is shaping up to be one of the OT (operational technology) and ICS (industrial control systems) security’s most important events of the year. In an industry that finds itself constantly trapped between building on and endlessly rehashing talking points, S4 is known for catalyzing new modes of thinking and creating space for public debate, testing, and demonstrating what actually works in today’s rapidly evolving threat environment.
With real-world problem-solving baked into its DNA, the S4x26 will debut a Proof of Concept Pavilion that adds a new level of realism with eight products that intimately engage with a complete industrial automation stack that leverages Siemens and Rockwell Automation systems through a full SCADA (supervisory control and data acquisition) layer, demanding clarity on exactly which problems are solved, how success is measured, and what it truly requires to field these technologies.
The agenda has been designed to offer a mix of deep-dive technical tracks and community formats across three stages, prime rooms, Birds of a Feather meetups by sector, and the famously relaxed Cabana Sessions by the pool. Keynotes, invited talks and panel sessions will address regulatory change and emerging threat landscapes as well as resilience practices and next-generation architectures in traditional IT and OT paradigms.
S4x26 is also bringing back the Women in ICS Security scholarship program, emphasizing a sustained focus on broadening representation and participation within the industrial cybersecurity community. The program will award ten scholarship packages this time. Alongside, S4x26 will officially support the Women in ICS Dinner, which has grown into a significant community fixture, prompting S4 to step in and help with logistical support and funding.
Combined, these efforts speak to a strategic commitment to growing a more diverse industrial security arena, not as an add-on to the conference but as part of the fabric of its culture and goals.
What truly stands out at S4x26 goes beyond the content; it’s the culture, as hundreds of practitioners who don’t just soak up ideas but challenge them, remix them, and take them to the field. With attendee numbers cruising towards the 1,100 cap, this year’s event ‘is designed to break you out of your normal thought patterns.
Why the future of OT security is being decided in Europe
Noting that industrial cybersecurity conversations shifted noticeably from awareness and tooling toward outcomes such as resilience, engineering accountability, and operational impact well over five years ago, Dale Peterson, founder of the S4xEvent and CEO/catalyst at Digital Bond, told Industrial Cyber that defining success is an issue the community, even the leaders, are struggling with. “Or even worse, not even attempting to answer yet. It’s why metrics are such a big part of S4. We have very little hard data on what security controls are actually reducing the likelihood and by how much. The data is clearer on consequence reduction.”
Secure by design has moved from aspiration to regulation, with initiatives like the Cyber Resilience Act and growing pressure on vendors and integrators. Addressing how this shift is influencing the types of conversations and the technical depth he wants S4 to facilitate, particularly across engineering, product development, and asset owners, Peterson said that Steve Lipner, co-author of Microsoft’s Secure Development Lifecycle, was at the S4x09 keynote (in 2009). “A lack of knowledge, the how to do secure by design, hasn’t been the problem. I thought INL’s Consequence-Driven, Cyber-Informed Engineering (CCE) was a major step forward in integrating engineering and consequence reduction into design, but that was back in 2019.”
He added that the impact CRA will have on risk reduction and cyber posture improvement is an interesting question, as it will certainly increase the cost to address regulatory risk.
“At S4x26, we have a debate on this (Resolved: In 3 years CRA will have significantly increased the OT security posture and reduced OT cyber risk in the EU countries), a panel on the impact of global regulationwith a global vendor (Schneider Electric) and global asset owner (Dupont), and a few other regulation sessions,” Peterson mentioned. “The energy on OT security regulation is clearly in the EU.”
How S4 is cutting through AI hype in OT security
AI is increasingly part of both the threat narrative and the defensive roadmap in industrial environments. Looking at how Peterson is approaching AI at S4 in a way that cuts through hype and zeroes in on credible use cases, risks, and architectural implications for OT systems, he said there is very little focused on the threat narrative, aside from one session examining how long it would take to create a DNP3 version of Frosty Goop using Claude. “We have a couple of sessions on AI’s use in defense. These are showing specific cases and details. We received over 50 AI-focused sessions, but almost all wouldn’t have shed light on the issue for the advanced OT security pro.”
Highlighting that AI will be part of several sessions related to the theme of S4x26: Connect, Peterson said that he expects “AI will increase the ease and value of connections, particularly via MCP servers. We have Aron Semle of HighByte giving one of the keynotes to open eyes on the world OT security pros will need to secure. The business wins achieved with these new connections to share data with context will not allow security to stop them. BTW, these connections will also be between non-security and security systems. For example, security systems can query the maintenance app to see if an outage was planned or if the firmware was upgraded.”
Effects of stealthy cyber threats to critical infrastructure
Over the past year, there has been growing concern about long-term, low-visibility attacks aimed at degrading operations rather than causing immediate disruption. Looking at how this is changing the way threat modeling, detection, and resilience discussions are being shaped at S4, Peterson said that adversaries are trying to obtain and maintain a presence on critical infrastructure networks to be positioned for a possible future attack. “This is not a new concept or reality. Just more well-known in the media and subsequently the general public.”
He noted that the past year has continued the trend of ransomware on IT, preventing operations from delivering the product and service, even when the attacker has not accessed OT. “These represent over two-thirds of the cyber attacks with a physical consequence, and an even higher percentage of the financial loss and other damage. Some call them OT attacks. Whatever you want to call them, if you can’t confidently say ransomware, on IT will not have an unacceptable impact on your ability to deliver your product or service … why are you spending money on anything else in OT security? The data are clear.”
Inside S4’s creative engine for industrial security
S4 has always attracted a mix of deep technical practitioners, executives, and researchers. As the industry grows and diversifies, works to balance depth with accessibility, and shapes the next generation of industrial security leaders, Peterson said the conference does not have such a grand goal or view of itself, even though its tagline is ‘Create The Future.’
“We get the 1,100 of the world’s best in a creative environment and throw a lot of ideas at them. Some crazy ideas. Some conflicting ideas,” he said. “Then we give them time to spend outside the sessions in a fun environment that breaks their patterns. Stand back and watch the people connect and ideas flourish.”
Peterson added, “We design all aspects of S4 for the advanced OT security pro (note: advanced doesn’t mean technical). The top 5% in the industry and those who have a pioneer or early adopter mindset. All are welcome. There’s no test to pass or approval needed to buy an S4 ticket. That being said, many beginning in OT security or looking for good practice, lessons learned, or program overview sessions likely would be happier at other events. There are many great OT security events for them. S4 is designed for the person who knows most of that and wants to know what’s next.”
Next phase of OT security is about trust, not controls
Looking ahead to 2026 and beyond, Peterson examined which assumptions about industrial cybersecurity no longer hold and how the community should rethink its priorities if the goal is not just protection, but sustained operational trust in increasingly autonomous industrial systems. “There is a huge amount of conventional wisdom in OT security that is wrong. Again, this isn’t new; the conventional wisdom hasn’t changed much, it just has a bigger megaphone.”
Adding that maybe wrong is too strong, Peterson said that “an OT security pro needs to know the OT security 101 and 201, and then use their judgment in determining what risk reduction actions to take and what not to do. It varies drastically by sector, company, plant, and even subsystem or line. The trend is for an increasing number of government agencies, standards groups, and industry groups to create an ever longer list of critical controls. Many of these have little or no impact on risk reduction in a specific system.”
He added, “What we need is the OT security pro to use their experience and judgment to pick the right mix of security controls and consequence reduction actions for their company or client. And to measure the risk reduction impact of everything they do. You shouldn’t spend money on anything in OT cyber risk management that [doesn’t] have a metric to determine implementation is correct and a metric on what risk reduction is being achieved.”
Anna Ribeiro
Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT.
