Regardless of this, infrastructure operators have been underinvesting in OT safety. Based mostly on Lee’s anecdotal expertise, about 95% of cyber spend is targeted on IT, and simply 5% on OT. The latter even have distinct operational calls for: Programs typically should run repeatedly for years, require redundancy, and rely upon exact, millisecond-level responsiveness.
Cybersecurity mindsets should account for OT’s distinctive bodily environments, lengthy {hardware} lifecycles, and evolving threats, mentioned Lee. These dictate totally different practices, applied sciences, and coverage responses. “Regulators and policymakers should acknowledge these vital distinctions when setting coverage,” he mentioned.
He warned: “Let’s be clear: The timeline to take motion in opposition to this rising menace is brief, and the results of failure might, and sure would, be individuals dying.”
