Supply Chain Incidents Reveal the True State of Incident Response as Security, IT, and OT Teams Struggle to Assign Accountability
Question: As attacks exploit trusted software ecosystems and platforms, where do security, IT, and operational teams need stronger coordination and cross-functional visibility?
Charles Randolph, Chief Strategy Officer at 360 Privacy
The threat itself is not new. Supply chain attacks have been a concern for years. What continues to surprise many organizations is how difficult it is to mount a coordinated response when a trusted piece of software becomes the attack vector.
Most discussions focus on the technical problem. In practice, the challenge is often organizational.
Successful response typically requires security, IT, and operational technology (OT) teams to move quickly and in parallel.
Yet each group usually operates with different tools, inventories, priorities, and reporting structures.
Three Issues Consistently Emerge
The first is asset visibility.
When a trusted component is compromised, leaders need to know:
- Where it is deployed,
- What it connects to, and
- Which business processes depend on it.
Many organizations still struggle to answer those questions quickly.
- Security teams see what their scanners discover.
- IT teams see what is under management.
- OT environments frequently operate from separate inventories and operational limitations.
During an incident, those differences become painfully apparent.
The second issue is remediation authority.
Detection capabilities have improved dramatically over the last several years. The challenge now is less about finding the problem and more about deciding who has the authority to act.
Security may identify the risk, but IT owns the change process, and operations owns the consequences.
Delays emerge, not because people disagree about the threat, but because accountability for the outcome is often diffuse.
The third issue is the IT/OT boundary.
Over the last decade, organizations have connected operational environments to corporate networks to pursue efficiency, visibility, and data-informed decision-making.
The benefits were real, but so were the risks. When a trusted software component is compromised, the consequences can go beyond information systems and into physical operations.
Unlike traditional IT environments, many operational systems cannot simply be taken offline, patched, or replaced. The business impact may be immediate. This creates a challenge that many organizations have not fully addressed.
- Security teams often understand the threat but lack operational context.
- OT teams understand the operational consequences but may not follow the threat landscape as closely.
During a supply-chain incident, those gaps become visible very quickly. The organizations that perform best are usually those that have already built relationships, established decision authorities, and exercised together before a crisis occurs.




