Proceedings of the 33rd European Safety and Reliability Conference (ESREL 2023)
3 – 8 September 2023, Southampton, UK

A Continuous OT Cybersecurity Risk Analysis and Mitigation Process

Geir Kjetil Hanssen1,a, Christoph Alexander Thieme1,b, Andrea Vik Bjarkø1,c, Mary Ann Lundteigen2, Karin Bernsmed1,d and Martin Gilje Jaatun1,e

1SINTEF, Norway.

2Norwegian University of Science and Technology (NTNU), Norway.


Operational Technology (OT) systems are becoming increasingly software-driven and connected. This creates new digitalization opportunities but can also increase the risk of cyber security breaches that can have severe consequences. Through a close dialogue with Norwegian actors in the oil and gas industry and insight into the IEC 62443 standard, we propose a process model for continuous risk assessment and mitigation. This paper explains the phases and details of the model and discusses its limitations and further work.

Keywords: Cyber safety and security, Operation technology, Patch management, Risk analysis.
