Why must IT and OT be treated as a single unit during cyber recovery?

OT systems depend entirely on IT infrastructure for access, identity management, and control. Treating them as separate domains creates dangerous gaps during incident response when foundational IT services must be restored before OT systems can be accessed or operated.

What should organizations prioritize first when recovering from a cyber incident?

Foundational infrastructure services like identity management, network connectivity, and DNS must be restored first. Without these core capabilities, applications and data remain inaccessible regardless of their backup or recovery state.

Critical Actions CIOs Must Take to Prepare for Cyber Crises

Name: Critical Actions CIOs Must Take to Prepare for Cyber Crises
Uploaded: 2026-02-28T12:28:11-05:00
Duration: 1 min 42 s
Description: TL;DR IT and OT systems must be treated as a single integrated unit because cyber threats do not respect organizational boundaries and OT systems cannot be accessed without underlying IT infrastructure. Foundational services like identity management, n...

Commvault

02/28/2026

0 (0%)

Report Like Favorite

TL;DR

IT and OT systems must be treated as a single integrated unit because cyber threats do not respect organizational boundaries and OT systems cannot be accessed without underlying IT infrastructure.
Foundational services like identity management, network connectivity, and DNS must be prioritized first in any recovery scenario since applications remain inaccessible without these core capabilities.
Organizations must practice recovery procedures before a crisis occurs, drawing on lessons from nuclear generation environments where preparation and rehearsal are standard operational requirements for high-stakes scenarios.

Summary

Jay Cavalcanto, CIO of Constellation Energy, delivers a concise executive briefing on cyber crisis preparedness drawn from his experience in highly regulated critical infrastructure environments including nuclear generation. He outlines five essential actions for IT leadership: treating IT and operational technology as a unified system since cyber threats ignore organizational boundaries, prioritizing foundational infrastructure like identity management and network connectivity as prerequisites for application access, practicing recovery procedures before an actual crisis occurs, avoiding siloed thinking about cloud, SaaS, and on-premises systems, and deeply understanding data dependencies and recovery sequencing. Cavalcanto emphasizes that the increasing complexity introduced by AI and distributed architectures makes systematic preparation and data flow understanding non-negotiable for business continuity. His framework reflects lessons from environments where operational failure carries catastrophic consequences, positioning cyber resilience as a business survival imperative rather than a purely technical concern.

Chapters

0:00 - Introduction and Framework Overview
0:12 - IT and OT Convergence
0:27 - Foundational Infrastructure Priorities
0:38 - Practice and Preparation Requirements
0:58 - System Integration and Data Dependencies

Key Quotes

0:12 "There's no way you're going to be able to access or even engage your OT systems without your IT systems. So think about them as a single unit."
0:21 "Cyber threats do not know org charts."
0:38 "You do not want to be doing this for the first time during a crisis."

Categories:

Tags:

Show more Show less

TL;DR

Summary

Chapters

Key Quotes

Service Account Security in the Age of AI: From Legacy Accounts to Agentic Identities

Beyond the Alert – Building the Human Centric Agentic SOC

How Purpose Brands scales IT with Zendesk ITAM

Cultivating Trust as a Foundation for the Agentic Consumer in 2026

Insights from the 2026 Keepit Annual Data Report on SaaS Data Protection