
OT Cybersecurity Risk Assessments in the Power Industry
Discover methods, findings, and lessons directly from the energy industry.
In this episode of Energy Talks, host Simon Rommer speaks with his colleague Jaron Stammler, OT Cybersecurity Consultant at OMICRON, about how OT cybersecurity risk assessments are conducted in the power industry. Drawing from current experiences in substations and battery energy storage systems (BESS), they walk through how assessments are initiated, structured, and executed in practice.
The discussion highlights the gap between theory and reality, especially when assessments are performed late in project lifecycles due to regulatory or project constraints. Jaron explains the fundamentals of the IEC 62443-3-2 risk assessment process, including system scoping, risk identification, and zone and conduit modeling, while also addressing common challenges such as missing documentation and limited stakeholder availability.
The conversation emphasizes that cybersecurity is an ongoing process and that effective assessments provide actionable insights, prioritized risks, and practical mitigation strategies tailored to each project.
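As an added illustration, not from the episode or from OMICRON, the following Python sketch walks through the IEC 62443-3-2 steps the summary names (scoping the system under consideration, partitioning it into zones and conduits, identifying risks, and comparing unmitigated risk with tolerable risk) on a constructed substation with a BESS controller. Every asset, link, threat scenario, likelihood/impact score and tolerable-risk threshold here is an assumption chosen to show the mechanics; the likelihood × impact scoring is one common choice, as the standard leaves the scoring method to the organization. It also tracks which assets lack documentation, since that was named as a recurring obstacle.

```python
from collections import defaultdict
from dataclasses import dataclass

# Constructed example data (assumed, not taken from the episode): a small
# substation automation network with a battery storage (BESS) controller.


@dataclass(frozen=True)
class Asset:
    name: str
    zone: str
    documented: bool  # do we actually hold a drawing / config for it?


@dataclass(frozen=True)
class Link:
    src: str
    dst: str
    protocol: str


@dataclass(frozen=True)
class Scenario:
    zone: str
    threat: str
    likelihood: int  # 1 (rare) .. 5 (almost certain)
    impact: int      # 1 (negligible) .. 5 (loss of protection / safety impact)

    def risk(self) -> int:
        # Simple likelihood x impact matrix; IEC 62443-3-2 leaves the scoring
        # method to the organization, this is one widely used option.
        return self.likelihood * self.impact


# Step 1: the system under consideration (assumed inventory).
ASSETS = [
    Asset("IED-1 (bay protection)", "process", True),
    Asset("IED-2 (bay protection)", "process", False),
    Asset("BESS-PCS controller", "process", True),
    Asset("RTU", "substation-automation", True),
    Asset("HMI", "substation-automation", True),
    Asset("Engineering laptop", "enterprise", False),
]

LINKS = [
    Link("IED-1 (bay protection)", "RTU", "IEC 61850 MMS"),
    Link("IED-2 (bay protection)", "RTU", "IEC 61850 MMS"),
    Link("RTU", "HMI", "IEC 60870-5-104"),  # stays inside one zone
    Link("Engineering laptop", "HMI", "RDP"),
    Link("BESS-PCS controller", "RTU", "Modbus/TCP"),
]

# Step 3: assumed threat scenarios per zone (risk identification).
SCENARIOS = [
    Scenario("process", "unauthorised protection setting change", 3, 5),
    Scenario("process", "loss of view caused by network flood", 2, 3),
    Scenario("substation-automation", "ransomware on HMI", 4, 3),
    Scenario("enterprise", "phishing on engineering laptop", 5, 2),
]

# Assumed tolerable risk per zone, set by the asset owner.
TOLERABLE_RISK = {"process": 6, "substation-automation": 9, "enterprise": 12}


def build_zones(assets):
    """Group assets into zones (partitioning step)."""
    zones = defaultdict(list)
    for a in assets:
        zones[a.zone].append(a.name)
    return dict(zones)


def derive_conduits(assets, links):
    """A conduit is every zone pair that at least one link crosses,
    keyed by the sorted zone pair and carrying the protocols seen."""
    zone_of = {a.name: a.zone for a in assets}
    conduits = defaultdict(set)
    for link in links:
        za, zb = zone_of[link.src], zone_of[link.dst]
        if za != zb:
            conduits[tuple(sorted((za, zb)))].add(link.protocol)
    return dict(conduits)


def unmitigated_risk(scenarios):
    """Worst-case unmitigated risk per zone."""
    worst = {}
    for s in scenarios:
        worst[s.zone] = max(worst.get(s.zone, 0), s.risk())
    return worst


def prioritise(scenarios, tolerable):
    """Scenarios exceeding the zone's tolerable risk, largest excess first."""
    over = [(s.risk() - tolerable[s.zone], s)
            for s in scenarios if s.risk() > tolerable[s.zone]]
    over.sort(key=lambda t: t[0], reverse=True)
    return [s for _, s in over]


def documentation_gaps(assets):
    """Assets we are assessing without a drawing or configuration on file."""
    return [a.name for a in assets if not a.documented]


if __name__ == "__main__":
    print("zones:", build_zones(ASSETS))
    print("conduits:", derive_conduits(ASSETS, LINKS))
    print("unmitigated risk:", unmitigated_risk(SCENARIOS))
    for s in prioritise(SCENARIOS, TOLERABLE_RISK):
        print(f"ACTION [{s.zone}] {s.threat}: risk {s.risk()} > {TOLERABLE_RISK[s.zone]}")
    print("undocumented:", documentation_gaps(ASSETS))
```

Running it shows the two conduits that actually cross zone boundaries (process to substation automation over IEC 61850 MMS and Modbus/TCP, enterprise to substation automation over RDP), which is where segmentation and protocol filtering discussions usually start, and it lists the two scenarios above tolerable risk in the order they should be addressed. The undocumented assets are the ones where the assessor has to go and verify rather than trust the drawings.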
“We are most often called during the building phase, where security is an afterthought, yet still required by legislation, the investor, or the future asset owner. And this is where it gets messy.”
Jaron Stammler
OT Cybersecurity Consultant