Regardless of this, infrastructure operators have been underinvesting in OT security. Primarily based on Lee’s anecdotal expertise, about 95% of cyber spend is concentrated on IT, and simply 5% on OT. The latter even have distinct operational calls for: Methods typically should run constantly for years, require redundancy, and depend upon exact, millisecond-level responsiveness.
Cybersecurity mindsets should account for OT’s distinctive bodily environments, lengthy {hardware} lifecycles, and evolving threats, mentioned Lee. These dictate completely different practices, applied sciences, and coverage responses. “Regulators and policymakers should acknowledge these vital distinctions when setting coverage,” he mentioned.
He warned: “Let’s be clear: The timeline to take motion towards this rising risk is brief, and the results of failure might, and certain would, be individuals dying.”
