Executive summary from Episode 4: Connect IT and OT detection, of a 4 part OT Resilience Webinar Series.
The final episode of the OT Resilience Blueprint 2026 series brings together the full arc of the journey. From asset discovery to threat detection, protection, and the operational integration that makes security sustainable at scale. This session is anchored by the real-world stories from John Ballentine, Head of OT Cybersecurity at the Port Authority of New York and New Jersey. An organisation responsible for airports, tunnels, bridges, ports, and transit infrastructure serving six million people per week, the ultimate depiction of Critical National Infrastructure. John shares the hard-won lessons from building a mature, connected IT/OT security programme from the ground up. He is joined by Richard Groome, Head of OT at e2e assure, and Dominic Carroll, Director of Portfolio Marketing.
Starting From Zero: What Building an OT Security Programme Really Looks Like
When John Ballentine joined the Port Authority of New York and New Jersey, OT security was described in his own words as an afterthought. There was no centralised risk register, no consistent asset inventory, and no structured approach to remediation. Risk was identified and addressed sporadically. The diversity of the operating environment (spanning aviation, transit, marine, and building systems across dozens of facilities) made the challenge of achieving meaningful visibility feel almost intractable. This experience will resonate with many CISO and OT security leaders operating at UK critical national infrastructure organisations. The starting conditions are remarkably consistent: legacy systems, siloed ownership, disconnected inventories, and a governance model that was not designed with cyber risk in mind. What Ballentine’s experience demonstrates is that even in this context, a structured, maturity-driven approach can deliver a programme that regulators, executives, and operational teams can all recognise as robust.
“What executives and operational leaders understand is operational risk and impacts. In our case, we measure risk by human life — because of the nature of our organisation.”
— John Ballentine, Head of OT Cybersecurity, Port Authority of New York and New Jersey
Translating OT Risk Into a Language Executives Act On
One of the most practically valuable insights in this episode is the discussion of how to secure executive buy-in for OT security investment. Technical language (vulnerability counts, CVSS scores, Purdue model topology) does not move executive decisions. Operational risk and human impact do. For the Port Authority, the case was made through a scenario analysis of the Holland Tunnel smoke evacuation system: if that single OT system failed during peak rush hour gridlock, the modelled consequence was up to 35,000 potential casualties. That framing, grounded in the specific operational realities of the organisation, turned a budget conversation about cybersecurity tools into a discussion about organisational responsibility. For UK critical infrastructure organisations, the equivalent framing will differ by sector: financial impact of production downtime in manufacturing, regulatory consequences of a reportable NIS2 incident, or public safety implications of a disruption to energy or water supply. The principle is consistent: security investment decisions are made on the basis of business risk, not technical indicators.
“Budget conversations around cybersecurity can be challenging, especially if you frame them purely in technical language. Even when you evolve those discussions into vulnerabilities or threat indicators, executives do not necessarily connect with them.”
— John Ballentine, Head of OT Cybersecurity, Port Authority of New York and New Jersey
What Mature Looks Like – and the Gaps That Remain
Perhaps the most striking moment of the series comes in this final episode, when Ballentine reflects on a discovery made even after the Port Authority had developed what was widely regarded as a mature OT security programme. When surveying approximately 150 critical OT systems on their disaster recovery posture, only 5% of asset owners knew their maximum tolerable downtime. Backup systems had not been tested in years. Some backup data centres no longer existed. For organisations earlier in their journey, it reinforces the value of addressing all four pillars of the maturity model – asset control, threat detection, threat protection, and connected resilience – rather than treating security as a purely technology problem.
“Only 5% of asset owners knew their maximum tolerable downtime. Even as mature as our programme is, I can still be shocked by what we do not know.”
— John Ballentine, Head of OT Cybersecurity, Port Authority of New York and New Jersey
The Blueprint: Bringing It All Together
The OT Resilience Blueprint 2026 series closes with a clear framework for what a connected, mature IT/OT security programme requires: a complete and continuously maintained asset inventory as the foundation; detection capability extending from the enterprise perimeter down to the process control layer; response and recovery plans that have been exercised under realistic conditions with clear decision authority; and an integration layer — SOAR enablement, automated alert dispatch, and meaningful dashboards — that makes the programme operationally sustainable for the teams who have to run it every day. The journey from where most organisations start to where they need to be is not a short one. But as Ballentine’s experience at the Port Authority demonstrates, it is achievable — with the right partners, the right tools, and a leadership commitment to treating OT security as the business-critical discipline it has always been.
“We are all on the same side of the table. There are more bad guys on the other side than there are good guys on ours. Never forget that OT security saves lives.”
— John Ballentine, Head of OT Cybersecurity, Port Authority of New York and New Jersey
Watch the Full Episode – and the Entire Series
Episode 4 includes John Ballentine’s full account of building and scaling the Port Authority’s OT security programme, a detailed discussion of SOAR integration and connected IT/OT monitoring, and practical guidance on what a 12-month programme of improvement looks like from asset discovery through to operational resilience. All four episodes of the OT Resilience Blueprint 2026 series are available on demand. If you are looking to benchmark your current maturity, build the business case for investment, or explore how e2e assure can support your OT security programme, we welcome the conversation.
► Watch Episode 4 on demand: OT Security in Practice: Connecting IT and OT Monitoring for Critical Infrastructure – YouTube