CISA unveils ‘Secure by Demand’ guidelines to strengthen OT security

“Operational technology supports critical infrastructure, and when vendors deliver products with security flaws, it puts the entire ecosystem at risk,” the guide said. The recommendations emphasize resilience by design, allowing organizations to thwart potential attacks and maintain the integrity of their systems without the delays caused by post-breach recovery efforts.

Challenges and implications for retailers and operators

Adopting “Secure by Demand” principles may require significant operational adjustments, especially for vendors and organizations new to these strict guidelines. Vendors are expected to provide transparency regarding security certifications, patching schedules, and future risk mitigation strategies. For OT users, this means realigning procurement practices with cybersecurity priorities, potentially delaying detection but ultimately strengthening defenses.

While the guidelines emphasize precautionary measures, experts see challenges for small retailers, who may have difficulty complying due to resource constraints. Similarly, modifying existing OT systems to conform to security-by-design principles can strain budgets and timelines.

