OTCC Joins Cyber Safety Summit Discussion on the Future of Cyber Safety in Critical Infrastructure

What does it take to build cyber safety into a project from the beginning instead of bolting it on later?

That question was at the center of a conversation OTCC members joined last week at the Cyber Safety Summit, where cybersecurity practitioners, engineers, project leaders, and facility operators gathered to discuss how cyber safety principles can be better integrated across the lifecycle of critical infrastructure projects.

The panel, "Incorporating Cyber Safety Technologies into a Project," featured OTCC Board Chair Alison King of Forescout Technologies alongside OTCC members Chuck Weissenborn of Dragos, Megan Samford of Schneider Electric, Ronak Shah of Shift5, and other panelists. Together, they explored the practical realities organizations face as cybersecurity and safety become increasingly interconnected.

One message surfaced repeatedly throughout the discussion: you can't protect what you can't see.

Whether the conversation focused on asset inventories, continuous monitoring, or system oversight, visibility into operational technology environments emerged as a foundational requirement for improving cyber safety outcomes. Just as importantly, panelists stressed that visibility alone is not enough. The information collected needs to be shared with the people responsible for making decisions, operating systems, and managing risk across a project.

The discussion also turned to a challenge familiar to many organizations involved in infrastructure development. Cybersecurity requirements are often introduced late in the process, if they are included at all. As a result, proposals that omit cyber considerations can sometimes appear more attractive during procurement, even though they may create greater operational risk over the long term.

Building cybersecurity expectations into project requirements from the outset can help change that dynamic. When security is treated as a baseline requirement rather than an optional enhancement, project teams are better positioned to deliver systems that are both resilient and safe.

Panelists also exchanged views on incident reporting, patch management, workforce readiness, and whether new certification models could help close persistent gaps in standards and accountability. One idea discussed was the potential for a framework that would bring greater consistency to cyber safety expectations across critical infrastructure sectors.

While the topics ranged widely, the conversation ultimately came back to a simple reality: cyber safety is not owned by a single department. It depends on collaboration among engineers, operators, cybersecurity teams, technology providers, and project leaders. The earlier those groups come together, the stronger the outcome is likely to be.

We appreciate the Cyber Safety Summit team for bringing together such a diverse group of voices and for including OTCC in the discussion. As the intersection of safety and cybersecurity continues to evolve, these conversations will only become more important.