{"id":228449,"date":"2026-06-09T05:10:00","date_gmt":"2026-06-09T09:10:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/06\/09\/where-ot-cybersecurity-breaks-down-in-critical-infrastructure\/"},"modified":"2026-06-09T05:20:09","modified_gmt":"2026-06-09T09:20:09","slug":"where-ot-cybersecurity-breaks-down-in-critical-infrastructure","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/06\/09\/where-ot-cybersecurity-breaks-down-in-critical-infrastructure\/","title":{"rendered":"Where OT cybersecurity breaks down in critical infrastructure"},"content":{"rendered":"

Where OT cybersecurity breaks down in critical infrastructure<\/a><\/p>\n

https:\/\/economymiddleeast.com\/news\/where-ot-cybersecurity-breaks-down-in-critical-infrastructure\/<\/a><\/p>\n

Publish Date: 2026-06-09 05:10:00<\/a><\/p>\n

Source Domain: economymiddleeast.com<\/a><\/p>\n

Author: <\/a><\/p>\n

Using an unordered list, summarize the following article with between 4 and 8 key points. The difference between organizations that are genuinely resilient and those that only appear to be those who move from reactive protection to structured, risk-based resilienceThe systems that keep power flowing and water running have always been critical. What has changed is the environment around them. Cyber threats are no longer isolated or purely technical\u2014they are shaped by increasingly automated and often aimed at the infrastructure that underpins daily life.At the same time, the way utilities operate is evolving. As automation platforms become more connected and software-driven, cybersecurity is no longer something layered on after the fact\u2014it is becoming part of how these systems are designed and managed. Yet despite increased investment and attention, many organizations continue to face familiar challenges.Not because the risks are unknown, but because the way cybersecurity is approached often doesn\u2019t align with how operational environments actually function.Leadership gap and operational risk multipliesAcross many utilities, cybersecurity still begins on the plant floor, handled by engineering teams juggling limited resources and competing priorities. The result is uneven. Some sites are tightly managed; others are left more exposed than anyone would like to admit. This fragmented approach becomes especially risky in operational environments where a single vulnerable facility can disrupt power distribution, water treatment, or wastewater management.What\u2019s often missing is clear ownership at the top. When cybersecurity sits outside the boardroom, it stays incomplete. Priorities get set by whoever has bandwidth rather than by what actually matters most. The organizations that get this right have made one fundamental shift \u2014 they stopped asking engineering teams to own a business risk and brought it upstairs. That means making hard choices about which sites carry the greatest exposure, getting IT and OT speaking the same language, and committing real investment to incident response, secure remote access, and continuous visibility. The difference between organizations that are genuinely resilient and those that only appear to be those who move from reactive protection to structured, risk-based resilience.Visibility gap and when asset visibility is incompleteFor many water and wastewater utilities, the problem starts more simply: incomplete visibility into assets across IT and OT environments. Most utilities don\u2019t have a complete picture of what\u2019s running across their environments \u2014 and many don\u2019t realize how incomplete that picture is. Devices get added, remote connections get established, legacy systems stay in place long past their intended lifespan. Nobody decided to make the environment opaque. It just became that way. The risk sharpens at the points where IT and OT touch, because those intersections are exactly where adversaries look for a way in. The organizations making real progress are those who have live asset inventories, assessments on a cadence that reflects how fast environments change, and network monitoring to catch drift before it becomes exposure. That foundation doesn\u2019t just improve security \u2014 it makes compliance more manageable and incident response faster when it counts.Engineering gap and when cybersecurity isn\u2019t built into operationsIn critical infrastructure, cybersecurity doesn\u2019t stop at data. It extends to the systems that move water, generate power, and keep operations running. Power generation, water treatment, and wastewater systems operate in environments where a cyber incident can translate directly into safety risks, service disruptions, or equipment damage. And yet many cybersecurity strategies still focus heavily on IT controls, overlooking how systems behave in the real world if those controls fail.That\u2019s where engineering starts to play a different role. Instead of relying only on prevention, teams begin to design systems that can absorb failure\u2014limiting what an attacker can actually do. For example, introducing physical or operational safeguards\u2014such as delays, fail-safes, or process constraints\u2014can prevent malicious commands from causing immediate harm. It\u2019s a subtle shift, moving from trying to prevent every breach to managing what happens when prevention isn\u2019t enough. Because in operational environments, resilience isn\u2019t just about keeping attackers out. It\u2019s about making sure systems remain stable when something goes wrong.Read: How the data center construction boom is shifting from hype to executionOrganizational gap, siloed and breaking downMany organizations still treat cybersecurity as something to install\u2014another system to configure and maintain. But even well-designed systems don\u2019t go very far on their own. People need to use them, trust them, and understand why they matter.Good systems, poorly adopted \u2014 that\u2019s the failure pattern most consistently seen. Technology doesn\u2019t secure an environment; people operating it with confidence do. And in operational settings, that human layer is complicated. You\u2019re working across internal OT engineers, IT colleagues with different risk mindsets, third-party vendors, and often public institutions with their own governance constraints. Getting security to work across that web requires genuine alignment \u2014 on system design, on processes that don\u2019t create friction people work around, and on building enough trust that concerns get raised rather than quietly bypassed. In the end, cybersecurity in critical infrastructure is less about a single solution and more about how well people and organizations work together.Capability gap, stretched teams and difficult to sustainUnderneath most OT cybersecurity gaps is something straightforward: teams that are already fully committed, handed a responsibility that keeps expanding. OT teams run lean by design. Their job is uptime, safety, and continuity \u2014 and they do it well. Cybersecurity layered on top is a discipline that demands sustained attention as threats keep evolving. Programs that launch well can quietly degrade without ongoing expertise behind them. What works is a different model \u2014 not outsourcing security, but genuinely extending capability. Working with automation providers and specialists who understand OT environments and stay engaged across a system\u2019s lifecycle. Regular testing, not just initial hardening. Response plans the team has actually practiced, not just filed. The goal is not to shift responsibility, but to extend capability\u2014ensuring that cybersecurity is not a one-time effort, but a sustained and manageable part of operations.Liam Hurley is President for the Middle East and Africa at Emerson.
<\/p>\n","protected":false},"excerpt":{"rendered":"

Where OT cybersecurity breaks down in critical infrastructure https:\/\/economymiddleeast.com\/news\/where-ot-cybersecurity-breaks-down-in-critical-infrastructure\/ Publish Date: 2026-06-09 05:10:00 Source Domain:…<\/p>\n","protected":false},"author":1,"featured_media":228450,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/economymiddleeast.com\/wp-content\/uploads\/2026\/06\/Untitled-1-copy-5.webp","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[30,24],"class_list":["post-228449","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-breach","tag-cybersecurity"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/228449"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=228449"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/228449\/revisions"}],"predecessor-version":[{"id":228451,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/228449\/revisions\/228451"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/228450"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=228449"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=228449"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=228449"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}