by Bret Bergman
Contributing Editor

Who is accountable? As we help our industrial clients operationalize cyber security and harmonize IT and OT, this question is always front and center. This article from Verve offers a thought-provoking perspective on OT cyber governance and lays out five principles for establishing the right governance model for OT cyber security in your organization. It’s a very worthwhile read, and whether you completely agree with Verve’s perspective or not, I believe you will find it thought-provoking.

The perspective I found most intriguing was “there is no ‘single point of authority and accountability’…the right governance involves coordination and shared decision-rights across IT, security/risk management, operations, and finance. Although it would be nice to have a standard construct where accountability and authority are vested in one person or organizational function, this is almost impossible given the realities of managing operations assets and processes.” 

To a certain extent, I agree with them. Given today’s highly complex organizations, where IT and OT are struggling to work together, it is very difficult to have single-point accountability. But in my experience, the lack of a single point of accountability leads to finger-pointing and, often, “the tragedy of the commons.” I’m curious to hear the perspectives of others who read the article.
