Assess and Monitor Cybersecurity Risks in Operational Technology (OT) Systems

URN: TECDT611401
Business Sectors (Suites): IT (Cyber Security)
Developed by: ODAG
Approved: 2025

Overview

This standard defines the competencies required to assess and monitor cybersecurity risks in Operational Technology (OT) environments. It covers identifying OT assets, analysing threats and vulnerabilities, evaluating safety and operational impacts, and maintaining visibility of changing risk conditions across industrial systems. It also includes evaluating risks associated with legacy OT technologies, supply-chain dependencies, IT/OT convergence, and modern regulatory frameworks.

This standard is intended for OT cybersecurity analysts, risk specialists, and engineers responsible for identifying, assessing, and monitoring cyber risks affecting industrial systems.


Performance criteria

You must be able to:

  1. Identify OT assets, systems, and interdependencies to support accurate and complete risk assessment.
  2. Analyse OT threat intelligence to identify relevant threats and attack scenarios.
  3. Assess OT-specific vulnerabilities considering technical constraints, safety implications, and operational impacts.
  4. Evaluate OT risk levels using recognised frameworks, organisational criteria, and safety requirements.
  5. Validate OT risk findings through collaboration with engineering, safety, IT, and operational teams.
  6. Monitor OT environments to identify anomalies, threat indicators, and changes in risk posture.
  7. Assess supply-chain risks affecting OT systems, components, and service providers.
  8. Record OT risk findings in accordance with organisational, regulatory, and safety reporting requirements.
  9. Review and update OT risk assessments to reflect operational, technological, and threat changes.

Knowledge and Understanding

You need to know and understand:

  1. Types of OT systems and components, including Supervisory Control and Data Acquisition (SCADA) systems, Programmable Logic Controllers (PLCs), Remote Terminal Units (RTUs), Human-Machine Interfaces (HMIs), and Internet of Things (IoT) / Industrial Internet of Things (IIoT) devices.
  2. OT assets, architectures, and interdependencies within industrial and safety-critical environments.
  3. OT threat vectors including ransomware, insider threats, supply-chain compromise, national intelligence, and sector-specific risks.
  4. OT vulnerability types including protocol weaknesses, legacy technologies, unsupported platforms, and constrained patching environments.
  5. Methods for assessing OT risk including scenario analysis, hazard-based approaches, and safety impact evaluation.
  6. Safety functions and the relationship between cybersecurity and functional safety.
  7. Business impacts of OT cyber risks including downtime, product integrity, environmental harm, and regulatory exposure.
  8. Supply-chain risks relevant to OT components, services, and ecosystems.
  9. Monitoring techniques for OT environments including anomaly detection and behaviour-based analysis.
  10. Regulatory and industry frameworks relevant to OT risk management including NIS2 and the Cyber Assessment Framework.
  11. IT/OT convergence considerations and their impact on network and security boundaries.
  12. Requirements for documenting and reporting OT risk assessments.
  13. Emerging risks associated with cloud-connected OT, edge computing, and digital transformation.

Glossary

OT (Operational Technology)
Systems that monitor or control physical processes in industrial environments.

ICS (Industrial Control System)
A collection of control components such as PLCs, RTUs, sensors and HMIs used to operate industrial processes.

SCADA (Supervisory Control and Data Acquisition)
A type of control system used to monitor and manage distributed industrial assets.

SIS (Safety Instrumented System)
Systems designed to detect hazardous conditions and take automated action to prevent unsafe events.

SIL (Safety Integrity Level)
A measure of the reliability required for safety functions within SIS.

Threat Intelligence
Information about cyber threats relevant to industrial environments and sector-specific risks.

Legacy Systems
Older OT systems with limited security features and restricted patching capability.

IT/OT Convergence
Integration of information technology with operational technology, creating shared risks and dependencies.

CAF (Cyber Assessment Framework)
A UK framework defining principles for assessing cyber resilience in critical sectors.

Supply-Chain Risk
Cybersecurity risks arising from vendors, integrators, service providers, or components used in OT systems.

Anomaly Detection
Monitoring for abnormal behaviour that may indicate faults, misuse, or cyber threats.


Version Number

1

Indicative Review Date

2029

Validity

Current

Status

Original

Originating Organisation

ODAG Consultants Ltd.

Original URN

TECDT611401

Relevant Occupations

Information and Communication Technology Professionals

SOC Code

2139

Keywords

Operational Technology (OT), Cybersecurity, Safety-critical systems, Cyber-physical systems