Frost & Sullivan and Applied Risk, a DNV company, have joined forces to publish a new white paper outlining practical steps for designing, implementing, and maintaining sustainable operational technology (OT) cyber security programmes.

Securing OT—the control systems that manage, monitor, automate and control industrial operations—is a growing challenge for companies with industrial operations. As OT becomes more connected and networked to IT environments, cyber criminals are increasingly gaining access to, and control of, industrial infrastructure. OT-reliant sectors, including manufacturing, energy, healthcare, and transportation, now appear within the top ten most-attacked industries. The risk of production shutdowns, safety incidents, process disturbance, and other service disruptions is consequently growing.

“A Blueprint for Building Sustainable Operational Technology Cyber Security Programmes” addresses common concerns facing OT security decision-makers as they invest in protecting their organisations against emergent risks.  As per the survey carried out by Frost & Sullivan, these include the following:

  • 40% of OT security decision-makers worry about the potential security risks of IT and OT system integration in their organisation.
  • 37% say their organisation lacks the expertise needed to develop and maintain a sustainable OT security programme.
  • 26% believe that their organisation’s decision-making structure is so complex that it paralyses the OT security planning process.

The white paper is designed to provide accessible advice for overcoming hurdles in designing, building, and operating OT security programmes. Frost & Sullivan’s team of analysts has partnered with industrial cyber security experts at Applied Risk to describe useful actions that should be taken at every stage of a programme’s lifecycle, from setting goals and responsibilities to determining vulnerabilities, selecting countermeasures and governance systems, implementing controls, and embedding assurance schemes. The white paper also includes a checklist of ‘to-dos’ to help cyber security, engineering, and management teams avoid pitfalls along the way.

“The industrial sector cannot excel in its digitalisation and automation efforts without robust cyber security measures in place. At a time of increasing geopolitical tension and tightening regulatory requirements, OT security leaders are under greater pressure to demonstrate that their organisation can manage the risks emerging from an increasingly complex cyber threat landscape. But there is relatively little best practice available on how to build sustainable OT security programmes. The white paper that we have published with Frost & Sullivan aims to provide OT security leaders in need with a framework for success,” said Jalal Bouhdada, Founder of Applied Risk and Global Cyber Security Segment Director at DNV.

“A Blueprint for Building Sustainable Operational Technology Cyber Security Programmes addresses the multiple ingredients needed for OT security programmes to have long-term impact. The white paper gives clear advice on the process and technology considerations that must be made, and it shines a light on the importance of people. We outline the stakeholders who must commit to the programme, the culture that must be realised, and the internal and external skillsets that are needed for its success,” added Danielle VanZandt, Industry Manager—Commercial & Public Security at Frost & Sullivan.


1000+ people have put their trust in G6S Security, how about you?