Network cybersecurity (IT and OT) and control system organizations have fundamentally different objectives and criteria when it comes to identifying and addressing cyber incidents. The Verizon Data Breach report, the Dragos 2025 Report, and the OT I Impact Score are typical of OT cyber incident reporting that equates data breaches and ransomware with cyber incidents. Industry and government network security organizations cannot continue to ignore control system cyber incidents because the incidents don’t meet their narrow definition – this is a governance failure masquerading as a vocabulary issue. Network and engineering organizations need to accept the same cyber incident definition, and both network security and engineering organizations need to receive appropriate control system cyber incident training. Otherwise, comparing numbers and impacts from network versus control system cyber incidents will not only continue to be an exercise in comparing apples to oranges, but will also leave our critical infrastructures dangerously cyber vulnerable.
https://www.controlglobal.com/blogs/unfettered/blog/55360902/ot-cybersecurity-is-a-governance-failure-masquerading-as-a-vocabulary-issue
