Thoroughly-secured sites strictly differentiate control-critical from non-critical networks and protect the two classes of networks very differently. Such sites determine criticality by the potential business impacts of cyber attacks, analogous to how critical infrastructure standards evaluate potential societal impacts.Secure sites deploy conventional IT Security (IT-SEC) techniques nearly universally, seeking to protect the information. These sites also apply Secure Operations Technology (SEC-OT) techniques to protect control-critical networks from information, more specifically from cyber attacks that may be embedded in information. The difference between these approaches is called out most sharply at the IT/OT interface. Universal visibility into operations has great benefits, but only when accompanied by a strict discipline over control information entering critical networks – and there is always such control information. Join us to explore how a sharp distinction between control-critical and non-critical networks can simplify and strengthen ICS/SCADA network security programs.