About This Project
Modern networks often interconnect Information Technology (IT) and Operational Technology (OT) systems, but current academic curricula lack the integration of security standards necessary to prepare the workforce for securing these hybrid environments. A security weakness in IT-OT interconnection can enable attackers to laterally pivot from enterprise IT into OT systems like manufacturing plants, power plants, and water utilities — potentially causing disruption in the physical environment.
This project develops, delivers, and disseminates a suite of ten curriculum modules — including lectures, hands-on labs, handouts, and instructional videos — to integrate security standards into the academic curriculum at Ohio University and beyond. The modules take a scaffolding approach aligned with Bloom’s Taxonomy, building from foundational knowledge of IT-OT convergence to advanced skills in zero trust architecture, continuous monitoring, and incident response. Lab exercises leverage open-source tools including GNS3, pfSense, and VyOS alongside a portable virtual Industrial Control System (ICS) testbed. The resulting modules will be freely available for adoption by other institutions of higher education.
Project Team
Curriculum Modules
| # | Module Title | Learning Outcome | Bloom’s Level | Status |
|---|---|---|---|---|
| 01 | Introduction to IT-OT Convergence and Its Associated Cybersecurity Risks | Differentiate between IT and OT environments and express basic OT risk concepts. | Understand | In Development |
| 02 | Introduction to ICS Architecture and Security Guidelines | Recognize ICS network levels and discuss basic security controls for OT. | Understand, Remember | Planned |
| 03 | Networking Fundamentals in a Converged IT-OT Environment | Develop an IT-OT network diagram and demonstrate where to place segmentation controls. | Apply, Understand | Planned |
| 04 | Secure Network Architecture and Segmentation Strategies | Identify weaknesses in a given network architecture and apply segmentation controls to enhance security. | Analyze, Apply | Planned |
| 05 | Implementing Security Controls and Detection in IT-OT Networks | Analyze threats and determine appropriate security controls for an OT environment. | Analyze, Apply | Planned |
| 06 | Secure Remote Access and Network Defense in OT | Analyze an OT network architecture and develop a secure remote access outline. | Analyze, Apply | Planned |
| 07 | Zero Trust Architecture (ZTA) for IT-OT Networks | Evaluate an OT network architecture and construct a Zero Trust enhancement plan. | Evaluate, Analyze, Apply | Planned |
| 08 | Continuous Monitoring and Security Metrics for OT | Design an OT security dashboard and measure the effectiveness of security controls. | Create, Evaluate | Planned |
| 09 | Incident Response and Recovery in Converged Environments | Evaluate a network architecture and create an incident response plan. | Create, Evaluate | Planned |
| 10 | Capstone: Secure IT-OT Network Design Project | Create a security program and design policies and architecture synthesizing all prior knowledge into a coherent plan. | Create | Planned |