1. The Key Theme: From Words to Action in OT Security

This year’s conference highlighted that many organizations have made significant progress in terms of plans, policies, and documentation, yet there remains a gap between what is planned and what is actually implemented in OT environments.

Several of the incidents discussed involved so-called “test attacks” targeting Nordic organizations—methods used by threat actors to assess detection and response capabilities. This is happening in parallel with the rapid adoption of A Itools, which make it far easier to exploit legacy vulnerabilities in OT systems.

The message was clear: it is time for concrete action—not more documentation.

2. Where Does the Organization Really Stand Today?

Many organizations experience cyber attacks, but very few speak openly about them. This makes it difficult to learn from past incidents and contributes to the same mistakes being repeated.

The conference also highlighted a concerning rise in “living off the land” attacks, where threat actors remain hidden within systems for weeks, months, or even years without being detected.

In addition, several persistent misconceptions continue to exist across the industry:

• “Our systems are not connected to the internet.”
• “A firewall is sufficient.”
• “We are not an attractive target.”

These myths were a recurring theme in many of the professional discussions.

‍

‍

3. A Thought-Provoking Look at the Future of the Energy Sector

One of the most compelling presentations came from DNV, which shared projections for global energy consumption.According to their analysis, consumption is likely to peak around 2036—not because demand decreases, but because we become more efficient and adopt smarter technologies.

Greater efficiency means more digitalization, and more digitalization means new attack surfaces. DNV also presented a statistic that stood out: 62% of Norwegians identify cyber threats as their greatest concern. This reflects a growing awareness of how critical technology has become to maintaining societal stability and security.

Another striking example came from Ukraine, where parts of the power grid are being rebuilt as software-defined solutions. This illustrates the profound transformation underway in energy systems—and the critical importance of security in the infrastructure that holds society together.

4. The Biggest Challenges in OT Monitoring

The most commonly cited challenge among conference participants was the gap between IT and OT. IT environments typically have maturity, established processes, and clearly defined roles. OT environments, on the other hand, are responsible for continuous operations, safety, and maintaining systems that are often decade sold.

When these perspectives fail to align, it can lead to:

• Limited visibility into what is actually happening in OT networks
• Security measures that do not fit operational realities
• Unclear responsibilities during incidents

This represents one of the greatest opportunities going forward: making OT security an integrated part of the organization’s overall security strategy.

5. How SNOK® Addresses These Challenges

In OT environments, it is often not possible to isolate or shut down equipment when an attack is suspected—the consequences can be severe.

This makes continuous monitoring and passive detection essential.

SNOK® is specifically designed for such environments: a passive monitoring solution that provides visibility into industrial networks without disrupting operations. The solution is built to serve as a shared tool for both IT and OT teams.

6. Misconceptions That Increase Risk

A recurring misconception in the industry is that OT systems can—or should—be patched to the latest versions. The reality is that many systems are 20–30 years old and cannot be updated without introducing a risk of failure or downtime.

As a result, OT security must focus on living with vulnerabilities and protecting the environment through other means. Monitoring and detection therefore become critical components of an effective security strategy.

‍

‍‍

7. One Clear Recommendation: Start the Journey,Not the Project

Regulatory frameworks such as NIS2 often make organizations feel they must be “fully compliant” before taking action. The most important message from the conference was the opposite:

• Start by gaining visibility
• Set realistic milestones
• Improve step by step

This is a journey—not a one-off project.

8. TheHighlight: The Nordic Professional Community

For Tor Ommund, the greatest highlight of the conference was the many conversations with professionals from across the Nordic region. He describes a community characterized by a strong willingness to share knowledge, learn from one another, and collaborate.

This is particularly important as the Nordic region holds significant expertise and is well positioned to compete with much larger international players.

9. The WayForward: More Sharing, More Collaboration

The conference revealed a clear need for more arenas dedicated to experience sharing in OT security—spaces where both failures and successes can be openly discussed, and where learning can take place across industries and national borders.

Secure-NOK will continue to play an active role in this effort, contributing hands-on experience from real-world monitoring, detection, and risk management, with the goal of helping build a safer and more resilient digital society.