IFCR and Bureau Veritas Cybersecurity strengthen OT security in the Nordics by appointing Hanne M. Hansen.

How does the OT security landscape look in the Nordics?

The Nordics are technologically advanced, but our high degree of digitalization creates new risks. We are dealing with complex environments where modern cloud-based solutions exist side by side with 20–30 year old OT systems. The combination creates a significant attack surface.

From my perspective, the Nordics have high ambitions, but it is still the integration between IT and OT that lags. Many organizations have not yet established a unified governance and risk picture across the value chain.

What are the biggest challenges?

There are five recurring problem areas that appear across sectors:

• Legacy systems, because older OT environments can rarely be patched without planned shutdowns. Vulnerabilities are therefore allowed to live longer.
• Lack of IT/OT governance due to unclear roles, unclear processes, and no shared risk understanding between IT and OT.
• Regulation and compliance pressure from e.g. NIS2, the Cyber Resilience Act, IEC 62443, and NCCS impose stricter requirements on documentation and process maturity.
• Complex and global supply chains, where a weak link in one place can affect the entire chain.
• Shortage of OT competencies is a structural challenge in the Nordics that I hope we can address in the future. The amount of available workforce is too small.

Which sectors are particularly vulnerable?

The energy sector is the most critical, for the simple reason that everything stops if the power does. All other sectors depend on it: trains, water supply, hospitals, industry, traffic, and communication. The risk is not only about threats but also about how great the consequences are when something goes wrong.

How can organizations strengthen their resilience?

Start with governance. Always. Clear roles, responsibilities, and decision-making paths are the foundation for everything else. Use NIS2 as a minimum framework and IEC 62443 as the technical basis.

The key is to design resilience from the beginning, not as a simple afterthought. Companies must build security into their factory design, operations, and governance, not just react to audits.

Which trends will shape the future?

Three major trends will be decisive over the next 3–5 years:

• Compliance becomes a license to operate
• Resilience over security
• Geopolitics and the threat landscape intensify

NIS3 is looming on the horizon, and the requirements will only become stricter.

What role do IFCR and Bureau Veritas Cybersecurity play?

As independent advisors, we combine local presence with deep technical and strategic expertise across IT, OT, and critical infrastructure.

We cover the entire spectrum from strategic advisory to technical testing. We help organizations stay resilient in a market where security is crucial for operations, contracts, and trust.