The checklist problem behind critical infrastructure cyber safety (opens in new tab)

An asset owner can meet major federal cyber compliance standards and still run equipment that lacks the engineering to withstand an attack or a failure. New research from George Mason University examines how United States cyber policy defines reasonable care for systems that control physical processes, and it finds that compliance has become a stand-in for safety. The work covers operational technology in critical infrastructure: industrial controls, medical devices, transportation systems, a...