Outdated Risk Models and Fragmented Response Frameworks Jeopardize Advancements in OT Cyber Resilience
As we move into the next decade, the protection of critical infrastructure will hinge on the ability of nations not just to defend against an increasing array of cybersecurity threats, but also to measure and quantify resilience against them. The attacks we see today are growing not only in number but also in sophistication, necessitating a departure from traditional risk assessment models that often rely on outdated assumptions.
Critical infrastructure encompasses vital services such as utilities, transportation, healthcare, and manufacturing. These sectors are increasingly reliant on Operational Technology (OT), which controls physical processes. The intersection of IT and OT has created a complex landscape where cyber threats can lead to real-world impacts. A case in point is the recent cyberattack on Jaguar Land Rover, which resulted in an estimated financial blow of £1.9 billion affecting over 5,000 UK organizations. Such incidents illuminate the need for more precise metrics that encompass both the immediate and long-term impacts of cyber disruptions.
Traditional risk models often fall short, relying on static assumptions that may not hold true amid fast-evolving threats. What is needed now are dynamic risk models that adapt in real time. Experts argue that the evaluation of resilience should measure not only how well an organization can stop an attack, but also how well it can continue essential operations during such an event. Metrics like Mean Time to Detect (MTTD) and Mean Time to Recover (MTTR) are significant indicators of resilience.
Durgesh Kalya, a network security expert at Covestro, emphasizes that resilience must extend beyond mere cyber defenses. "It should be defined or measured using the mean time to detect (MTTD), mean time to recover (MTTR), continuity of critical operations, and the ability to maintain safety margins during disruptions," he explains.
Danielle Jablanski from STV adds that resilience in OT must also focus on continuing operations during a compromise, not just recovering from it. This perspective underscores the necessity of tighter integration between cybersecurity practices and operational decision-making.
The integration of IT and OT remains a significant hurdle in building cyber resilience. Defenders need to isolate cyber threats before they impact critical operations. This requires a comprehensive understanding of how threats can propagate through the various layers of both IT and OT systems.
Shiv Kataria from Siemens India highlights the importance of anticipating, detecting, and recovering from disruptions while ensuring operational safety. He notes that organizations need to measure resilience through evidence of preparedness, operational drills, and operational continuity even in stressful situations.
Current frameworks like IEC 62443 must evolve to incorporate dynamic real-time data, continuous monitoring, and live threat intelligence. Kalya points out that many organizations still rely on infrequent assessments, which can lead to a false sense of security. Instead, compliance should involve continuous improvement, regularly updating to meet emerging threats.
The shift from static checklists to more adaptable frameworks is critical. Jablanski observes that frameworks like IEC 62443 become much more effective when paired with real-time threat intel and process-aware monitoring, enabling organizations to adapt quickly to changing landscapes.
The consensus among experts is that true resilience requires proactive rather than reactive incident management. Kalya advocates for a structured incident management program that integrates OT, IT, safety, and emergency response teams, emphasizing preparedness over reaction.
Jablanski stresses the importance of a thorough audit to define success metrics: knowing your assets and understanding how they interconnect can prevent disruptions before they escalate into crises. Proactive measures must blend preventive, engineered safeguards with rehearsed responses.
Integrating cybersecurity insights with engineering and operational decision-making is essential for effective resilience. Kalya stresses the need for organizations to translate technical data like indicators of compromise into operationally relevant insights. This requires placing cybersecurity teams alongside engineers to foster collaboration and mutual understanding.
Visibility into assets and processes is crucial for understanding the impact of cyber incidents. Jablanski recommends conducting crown jewel analyses to understand which equipment is most vital, enabling organizations to prioritize controls and resources effectively.
Looking ahead, experts anticipate significant cultural shifts that intertwine safety, reliability, and cybersecurity into a unified approach to resilience. Kalya envisions a future where organizations can design systems that inherently integrate security and operational capabilities from the outset.
On the other hand, Jablanski warns that substantial changes may only be prompted by a large-scale cyber incident within critical infrastructure, emphasizing that it is imperative for organizations to act independently to secure their systems now to avert such crises.
Ultimately, the success in fortifying critical infrastructure will heavily depend on collaboration between multidisciplinary teams. Working together to understand the unique drivers behind technology adoption and risk will pave the way for a more secure landscape.
As we approach the ever-evolving cybersecurity frontier, the path to resilience will be illuminated by innovation, vigilance, and cooperation across diverse sectors engaged in safeguarding our critical infrastructure.