I find that in today's world it is no longer about one person being "accountable". There is always an interplay of factors, like others have pointed out cyber security has a compliance angle. Other times it is a cost factor, redundancy costs money. Then there is the whole revolving door of employees coming and going, so institutional knowledge about why a decision was made lost with them.
That is hard to do for even a small company. How do you balance all that out for critical infrastructure at a much larger scale?
That is hard to do for even a small company. How do you balance all that out for critical infrastructure at a much larger scale?