OT Security/business resilience, lack of incentives for securing software & the news - Ben Worthy - ESW #448

12 snips

Mar 2, 2026

Ben Worthy, an OT security specialist at Airbus Protect with 25+ years across aerospace, nuclear, water and oil & gas, shares views on business resilience in safety-critical sectors. He discusses IT/OT convergence, when redundancy and fail-safes matter, and how supply-chain and third-party failures ripple through operations. He also tackles incentives for secure-by-design products and testing resilience plans.

Ask episode

AI Snips

Chapters

Transcript

Episode notes

INSIGHT

OT Security Requires Safety‑First Mindset

OT security must combine engineering safety culture with cybersecurity practices to protect physical systems.
Ben Worthy explains Airbus Protect works across aviation, nuclear, water and energy where cyber incidents can cause kinetic harm, so safety and security must speak the same language.

INSIGHT

IT Attacks Can Paralyze OT Via Convergence

IT/OT convergence means IT-targeted attacks can halt physical operations without directly touching PLCs.
Examples like MES or ERP losing connectivity can stop manufacturing even if OT controllers remain uncompromised.

ADVICE

Prepare Incident Plans And Test Them Regularly

Prepare for incidents assuming they will happen by building and testing incident response and resilience plans.
Ben Worthy recommends identifying critical assets, mapping dependencies and testing plans including third parties to ensure quick recovery and continuity.

Get the Snipd Podcast app to discover more snips from this episode

Get the app

Interview - Ben Worthy from Airbus Protect

The current state of OT security and business resilience

In this episode of Enterprise Security Weekly, we sit down with Ben Worthy, OT Security Specialist at Airbus Protect, to explore the evolving landscape of business resilience in safety-critical sectors. With over 25 years of experience across aerospace, nuclear, water, oil & gas, and other industries, Ben shares insights on how organizations are adapting to the surge in disruptive cyberattacks—from ransomware targeting operational technology to GPS spoofing and supply chain incidents. We discuss major cases including the Boeing/LockBit ransom demand, the Jaguar Land Rover production shutdown, and the SITA passenger data breach, examining how aviation and other critical infrastructure sectors are separating safety risk from business continuity risk.

Ben also breaks down the regulatory changes reshaping the industry, including EASA's October 2025 and February 2026 deadlines that tie cyber assurance directly to safety oversight, and what ENISA's latest numbers reveal about hacktivism and ransomware trends. Whether you're in aviation, nuclear, or any safety-critical sector, this conversation offers practical lessons on building resilience that keeps operations moving while addressing threats in real time.

This segment is sponsored by Airbus Protect. Visit https://securityweekly.com/airbusprotect to learn more about them!

Topic: Where are the business incentives to build secure products and software?

"It's the right thing to do," so of course businesses will make their products secure, right? Well, it turns out that breaches and vulnerabilities don't traditionally hurt financial performance all that much. Stocks recover, insurance covers the bulks of the losses, fines are paid, and lawsuits are settled. Most businesses can comfortably absorb the impact, so the threat of reputational harm or financial losses just aren't slowing them down.

In the case of Ivanti, where the reputational harm was extreme, the company's companies continue to get hacked as critical vulnerabilities keep getting discovered in their products.

https://www.bloomberg.com/news/features/2026-02-19/vpn-used-by-us-government-failed-to-stop-china-state-sponsored-hackers

In this topic segment, we don't aim to provide solutions to this problem, just the awareness that ethics, doing the right thing, and even signing the Secure by Design pledge don't seem to be enough to change vendor behavior when it comes to securing products.

The Weekly Enterprise Security News

Finally, in the enterprise security news,

RSA Innovation Sandbox hot takes
Did AI solve cyber?
fundings and acquisitions
a free app to warn you about smart glasses
deep thoughts about OpenClaw
replacing US tech with EU equivalents is hard
should you turn off dependabot?
accidentally taking over 7000 robot vacuums
the director of AI Safety at Meta loses her email somehow
should you go back to using a blackberry?

All that and more, on this episode of Enterprise Security Weekly.

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw-448