L2 Concerns Detail Editor
Concern #553 | Security and Cyber Requirements Integrated Too Late
Title
Security and Cyber Requirements Integrated Too Late
0
characters
Description
Physical security, cyber security, and operational technology assurance may be treated as later specialist topics rather than embedded design and delivery requirements.
0
characters
Origin
0
characters
Desired Outcome
Security and cyber requirements are built into architecture, supplier expectations, testing, and acceptance from the outset.
0
characters
What Could Go Wrong
Late security findings force redesign, retesting, segregation changes, or re-approval of digital and control systems.
0
characters
Current Situation
Specialist assurance areas are often deferred until systems become more concrete, by which time change is expensive.
0
characters
Strategy Narrative (JSON)
0
characters
Proposed Strategy
Define security and cyber requirements early, flow them into packages, monitor evidence production, and include them explicitly in design and test reviews.
0
characters
Action Strategy (JSON List)
+ Add Step
×
Cause
Security and cyber assurance are not fully embedded in mainstream project controls.
0
characters
Event
A late-stage review exposes gaps in design, configuration, or supplier evidence.
0
characters
Consequence
Systems acceptance and operational readiness are delayed.
0
characters
Notes
0
characters