Erkan Teskancan
Corporate
- Thread Author
- #1
Cybersecurity in operational technology (OT) for industrial operations is still being implemented too late in most capital investment projects, which increases risks and costs in the long run.
A new global Cybersecurity Report prepared by Black & Veatch and Takepoint Research reveals that cybersecurity should be integrated early with a strategic design approach in the construction of critical infrastructure. The report notes an increase in attacks targeting OT systems and industrial control structures, yet 72% of respondents report that cybersecurity is either considered too late or not at all in projects.
### Cybersecurity Must Start Early
The "security by design" approach is highlighted in the report. This approach emphasizes the importance of defining OT systems and industrial control architecture, network connections, and accountability at the project's inception. Security changes after the design and construction phases can be difficult and costly.
Charlie Sanchez, President of Black & Veatch Infrastructure Consulting, states, "If cybersecurity is not included in the project scope from the beginning, it cannot be provided later. This is a critical matter of public safety, economic stability, and national resilience."
Ian Bramson, Vice President of Global Industrial Cybersecurity at Black & Veatch, said, "Security must be verified at every stage; merely complying with regulations is no longer sufficient. Leaders must go beyond minimum standards and design for long-term resilience."
### Key Findings of the Report
- 78% agree that early cybersecurity implementation reduces disruptions and downtime in OT systems.
- While 43% see a lack of expertise as an obstacle, 77% state that external support helps them start early.
- Only 24% say that a cybersecurity plan is always or often included in the early stages of projects.
- Three-thirds of participants report that a strong business case for cybersecurity is the most important incentive.
The report clearly demonstrates that cybersecurity must be integrated with design in critical infrastructure projects and guides industry stakeholders.
