COMMENTARY: Traditionally, chief information security officers (CISOs) concentrated on protecting digital data, corporate networks and IT environments. Meanwhile, operational technology (OT) systems — found in critical sectors such as manufacturing, energy and transportation — operated in isolation, prioritizing stability and continuity over cybersecurity. However, as OT systems become more integrated with IT networks, CISOs now face the added challenge of securing both digital and physical assets.
[SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Read more Perspectives here.]
The time for complacency has passed: companies now need to secure legacy OT systems. It’s no longer optional. These outdated systems, designed long before cybersecurity was a consideration, are now prime targets for sophisticated cyber threats. With critical infrastructure increasingly under siege, the stakes have never been higher. A breach in OT systems can bring entire production lines to a standstill, cripple power grids, and shut down vital services — disrupting not just digital operations, but the very functioning of society itself.
Even more concerning, if CISOs fail to get this right, the worst-case scenario following an OT breach could be a loss of life — and it’s not out of the question. For example, the oil and gas industry relies on OT systems to keep refineries, pipelines and drilling platforms safe. A cyberattack on these facilities could trigger explosions, fires and massive disruptions of essential services, endangering workers and nearby communities.
For instance, the 2023 LockBit ransomware attack on U.S. utilities exposed how vulnerable OT systems are in the energy sector, potentially jeopardizing millions of people’s access to electricity. Similarly, the 2022 attack on the Ukrainian power grid caused significant operational disruptions and underscored the growing risk of OT attacks being used as a geopolitical weapon.
The 2017 TRITON malware attack on a Saudi petrochemical plant’s safety systems, though it didn’t cause an explosion, reminds us of the deadly potential of cyberattacks aimed at compromising safety-critical systems. These incidents show that the threat of sabotage in high-stakes environments is no longer just a risk — it is an escalating, ever-present danger.
Similarly, OT systems in water treatment and chemical plants are vital for safe operations and maintaining public health. A cyberattack could lead to contaminated drinking water or toxic chemical releases, endangering nearby residents. Also, in industries like oil and gas, downtime in critical infrastructure, such as an oil pipeline being offline in the dead of winter, can have life-threatening consequences, leaving entire regions without essential energy supplies.
Simply put, the integration of IT and OT has revolutionized industries, creating new efficiencies, but exposing once-isolated OT systems to a growing range of cyber threats. While this convergence unlocks new opportunities for innovation, it also brings significant challenges. Today’s CISOs are responsible for safeguarding digital assets and also the critical OT infrastructure that powers industries. This will require a deep understanding of the unique vulnerabilities in OT systems, from legacy equipment to real-time safety mechanisms, and the ability to manage risks across both realms.
To address these risks, forward-thinking CISOs are embracing advanced strategies like zero-trust security models, AI-powered threat detection and real-time monitoring to safeguard OT environments. While traditional approaches like network segmentation remain crucial, these targeted approaches allow for granular, adaptive defenses that can better address the dynamic and sophisticated nature of modern cyber threats. Just as digital transformation has reshaped industries like energy, manufacturing and healthcare, effective OT cybersecurity today requires adaptability and foresight: the agility to respond to evolving threats, the ability to anticipate risks and a proactive, continuous defense strategy.
Bridging the IT-OT divide
For instance, one of the biggest challenges in the IT-OT convergence is the cultural and operational divide that exists within organizations. Traditionally, IT focused on data security and digital continuity, while OT prioritized uptime and safety. This division often leads to competing priorities, with IT and OT teams approaching cybersecurity from distinct perspectives. CISOs must act as the catalysts for cultural transformation, breaking down the walls between IT and OT to forge a unified, high-performing security strategy. Failure to integrate these teams now could spell disaster when the next cyberattack strikes.
Obviously, that’s not going to happen overnight. Successful CISOs are addressing this divide by implementing integrated security operation centers (SOCs) that bring together IT and OT monitoring in real time, adopting unified risk management frameworks that align both domains under a single, cohesive strategy, and fostering cross-disciplinary threat intelligence sharing, simulations and table-top exercises. These advanced solutions break down silos between IT and OT teams, and also enable faster, coordinated incident responses, driving proactive security measures that enhance resilience.
Learn from failures
Much like other industries adapting to new technologies, OT cybersecurity has been shaped by both successes and setbacks. In some cases, organizations only make meaningful security changes after they suffer cyber incidents. Effective OT cybersecurity requires not just learning from failures, but using those lessons to anticipate and neutralize the next threat before it materializes. CISOs must foster a proactive security culture where real-time threat intelligence and predictive analysis are integral to daily operation, preparing teams not just for recovery but for prevention.
They must adopt a mindset that values learning from these failures to continuously improve OT security. For instance, mistakes like underestimating OT complexity or disregarding frontline insights can lead to costly disruptions. By analyzing these incidents, however, CISOs can develop more proactive, resilient security strategies. This all becomes part of a forward-looking, business-driven approach that many CISOs are adopting. Cybersecurity is no longer just an IT concern — it’s now an important factor influencing strategic planning and investment decisions.
In an era where cyber threats constantly evolve, CISOs will need to foster a culture of continuous learning and adaptability. We need to create an environment where IT and OT teams learn from each other, stay updated on the latest threats and adapt and adjust security measures as needed. By aligning security efforts with business priorities, CISOs ensure that security contributes to long-term organizational success and resilience.
Proactive vs. reactive security in OT
In traditional IT security, many organizations take a reactive approach, focusing on mitigating incidents after they occur. However, the stakes in OT environments are far too high for reactive security alone. OT disruptions can lead to operational halts that affect both revenue and safety, making a proactive stance essential. CISOs must shift focus from merely responding to incidents to anticipating and preventing threats before they escalate.
Achieving proactive security in OT involves more than just monitoring: it requires continuous identification of vulnerabilities, regular risk assessments, and enhanced detection systems. Leveraging advanced threat intelligence, automated anomaly detection, and predictive analytics can help detect vulnerabilities and emerging threats early — often before they manifest as major incidents. These tools allow CISOs to stay ahead of potential risks, minimize downtime, and protect critical assets.
While implementing these measures requires investment in technology and resources, they are essential to maintaining the integrity of OT systems, ensuring operational continuity, and safeguarding both infrastructure and business operations. As industries become more dependent on interconnected systems, proactive security strategies are not just a best practice — they are vital for long-term organizational resilience.
Embrace technological disruption
As digital technologies disrupt traditional industries, the rise of connected OT devices — such as smart sensors, actuators and remote terminal units — introduces new cybersecurity challenges. These devices enhance operational efficiency, but also expand the attack surface of OT systems, which were once isolated. Modern CISOs must adopt advanced technologies, including AI-driven threat detection, to stay ahead of evolving threats.
However, it’s crucial that any AI adoption is preceded by a thorough risk assessment. Implementing AI without fully understanding its implications for the OT environment could introduce unintended vulnerabilities or interfere with critical processes. AI-powered tools, for example, can help analyze massive amounts of data from OT systems, identify anomalies, and detect potential threats early.
But integrating AI into OT requires careful evaluation of its potential risks and benefits, especially in highly sensitive or safety-critical environments. Passive monitoring tools and predictive analytics can also play an important role, allowing CISOs to identify vulnerabilities and forecast risks without disrupting operations. These tools offer early warnings of potential failures and help reduce costly downtime, but their effectiveness must be continuously monitored and validated to ensure they remain reliable in real-world OT settings. By thoughtfully evaluating these technologies and integrating them with caution, CISOs can strengthen their OT security strategies, enhancing resilience while maintaining operational integrity.
Align cybersecurity with business continuity
OT cybersecurity is not only a technical issue: it’s a critical component of business continuity planning. OT systems are directly tied to revenue-generating operations, making OT cybersecurity essential for protecting the organization’s bottom line.
In industries like manufacturing and energy, where OT downtime can result in significant financial losses, CISOs play a pivotal role in ensuring seamless, uninterrupted operations. By aligning cybersecurity initiatives with core business goals, CISOs can protect the organization’s critical infrastructure, and also demonstrate the tangible value of OT security investments to stakeholders. This strategic alignment ensures that cybersecurity is not seen as a standalone IT issue but as an integral part of the organization’s overall business strategy, safeguarding both immediate and future business continuity.
Now that cyber threats increasingly target critical infrastructure, regulatory bodies are holding organizations accountable for OT security. This external pressure resembles the push that industries face when adapting to disruptive technologies. For CISOs, staying ahead of regulatory changes and ensuring compliance is no longer a choice: it’s a matter of protecting critical OT environments and the organization’s future.
Fail to act now, and the pressure will only mount. Board members and stakeholders increasingly recognize the importance of OT cybersecurity and are urging CISOs to prioritize it as part of their broader cybersecurity strategy. The time to prioritize is now, or risk falling behind.
Embrace the future of OT cybersecurity
The evolving role of the CISO in OT cybersecurity underscores the need for proactive and adaptable strategies in today’s era of digital disruption. Systems must adapt or become obsolete, and cybersecurity must follow suit. CISOs must step up as strategic visionaries — leaders who don’t just manage risk, but shape the future of their organizations. They must bridge cultural divides, harness emerging technologies, and ensure that cybersecurity is tightly woven into the fabric of the business strategy.
Success demands more than just technical know-how. CISOs must become catalysts for change, driving collaboration, securing essential resources and embedding cybersecurity into every facet of their organizations. As OT and IT continue to integrate, the CISO’s role will keep expanding, demanding forward-thinking, bold leadership, adaptability and foresight.
CISOs who embrace this mindset will lead their organizations through the complexities of OT cybersecurity, safeguarding critical infrastructure against emerging threats.
Martine Chlela, global head of delivery, industrial cybersecurity, Black & Veatch