Asset Context and Alert Severity in ICS/OT: Why the Same Activity Can Mean Very Different Things

(Follow-up to: “Observing Baseline vs Anomalous Modbus Traffic – A Beginner’s ICS/OT Security Lab”) Introduction In my previous lab, I focused on a foundational skill in ICS/OT security operations: establishing a baseline and identifying anomalous pr...