Process-Aware Attack Modeling: Moving Beyond Asset Lists in OT Cybersecurity


In OT cybersecurity, the most dangerous attack path is not always the most technically elegant one.

It is the one that understands the process better than the defender does.

Too many attack models still start and end with asset inventories, CVEs, firewall rules, and network reachability.

Those matter. But they do not answer the most important OT questions:

What happens to the process if this system is manipulated?
Which control actions create unsafe states?
Where are the safety boundaries?
Which sequence of small changes could lead to downtime, equipment damage, environmental release, or injury?

An attacker does not need to compromise everything.

They may only need to influence one setpoint, one interlock, one valve state, one historian value, or one operator decision at the wrong moment in the process cycle.

That is why OT attack modeling must become process-aware.

It should connect cyber paths to operational consequences:

Network access to process impact.
Control logic to safety constraints.
Process states to attacker timing.
Operator workflows to manipulation opportunities.
Recovery assumptions to real-world dependencies.

A high-CVSS vulnerability on an isolated asset may be less urgent than a short, low-complexity path from an exposed entry point to a critical control loop.

A flat list of assets cannot tell you that.

A process-aware model can.
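The contrast above can be made concrete with a small model. The following Python is an added example, not code from the original article: it models a constructed toy plant (the asset names, CVSS scores, reachability edges, severities and process phases are all illustrative assumptions) and ranks the same assets two ways, first as a flat CVSS list, then as reachable control actions mapped to process consequences and gated on the current process phase.

```python
from collections import deque
from dataclasses import dataclass

# --- Constructed sample data (illustrative toy plant, not a real site) ---------
# Directed network reachability: asset -> assets it can open a connection to.
REACH = {
    "vpn_gateway": ["eng_workstation"],
    "eng_workstation": ["hmi", "plc_reactor"],
    "hmi": ["plc_reactor"],
    "plc_reactor": [],
    "lab_server": [],            # no path in or out: isolated
}

# The "asset list" view: highest CVSS present on each host (assumed values).
CVSS = {
    "vpn_gateway": 7.5,
    "eng_workstation": 6.1,
    "hmi": 5.3,
    "plc_reactor": 4.0,
    "lab_server": 9.8,
}

@dataclass(frozen=True)
class Effect:
    """A control action an attacker holding the asset can perform, and its process consequence."""
    asset: str
    action: str
    consequence: str
    severity: int              # 1 (nuisance) .. 5 (injury / major release), from a hazard analysis
    unsafe_phases: frozenset   # process phases in which the action produces an unsafe state

# Assumed hazard-analysis output for the toy plant.
EFFECTS = [
    Effect("plc_reactor", "raise temperature setpoint past alarm limit",
           "runaway reaction / equipment damage", 5, frozenset({"reaction"})),
    Effect("plc_reactor", "force high-level interlock to 'healthy'",
           "vessel overflow / environmental release", 5, frozenset({"fill"})),
    Effect("hmi", "spoof displayed vessel level to operator",
           "wrong operator decision", 3, frozenset({"fill", "reaction", "drain"})),
    Effect("lab_server", "alter QA lab results",
           "out-of-spec product released", 2, frozenset({"drain"})),
]

def rank_by_cvss():
    """Flat asset-list prioritisation: highest CVSS first."""
    return sorted(CVSS.items(), key=lambda kv: -kv[1])

def shortest_paths(entry, reach=REACH):
    """BFS from the attacker's entry point; returns asset -> shortest path (list of hops)."""
    paths = {entry: [entry]}
    queue = deque([entry])
    while queue:
        node = queue.popleft()
        for nxt in reach.get(node, []):
            if nxt not in paths:
                paths[nxt] = paths[node] + [nxt]
                queue.append(nxt)
    return paths

def rank_by_consequence(entry, phase, reach=REACH, effects=EFFECTS):
    """Process-aware prioritisation: reachable control actions that are unsafe in the
    current process phase, ordered by consequence severity, then by fewest hops."""
    paths = shortest_paths(entry, reach)
    ranked = []
    for e in effects:
        if e.asset not in paths or phase not in e.unsafe_phases:
            continue   # unreachable from this entry point, or not unsafe right now
        hops = len(paths[e.asset]) - 1
        ranked.append({"asset": e.asset, "action": e.action, "consequence": e.consequence,
                       "severity": e.severity, "hops": hops, "path": paths[e.asset]})
    ranked.sort(key=lambda r: (-r["severity"], r["hops"]))
    return ranked

if __name__ == "__main__":
    print("Asset-list view (CVSS):")
    for asset, score in rank_by_cvss():
        print(f"  {score:4.1f}  {asset}")
    for phase in ("fill", "reaction", "drain"):
        print(f"\nProcess-aware view, entry=vpn_gateway, phase={phase}:")
        for r in rank_by_consequence("vpn_gateway", phase):
            print(f"  sev {r['severity']} hops {r['hops']}  {' -> '.join(r['path'])}: "
                  f"{r['action']} => {r['consequence']}")
```

Run as a script, the CVSS view puts the isolated lab server first, while the process-aware view never lists it (nothing reaches it) and instead puts the two-hop path to the reactor PLC at the top, with the specific unsafe action changing with the phase: the interlock bypass during fill, the setpoint change during reaction. The ordering key (severity first, then hops) is a deliberate simplification; a real model would also weight exploit difficulty on each hop and the time window in which the action stays unsafe.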

The goal is not to model every possible attack. The goal is to identify the paths that matter most to safety, reliability, and production continuity.

In OT, risk is not defined by what an attacker can access.

It is defined by what an attacker can cause.

If your attack model does not understand the process, it may be prioritizing the wrong fight.