Cyber Security for Operational Technology

This report identifies and evaluates key cyber security directives, standards and guidelines – including NIS2, CER, IAEA and IEC standards – applicable to OT in the Nordic nuclear context, and analyzes their applicability. It also draws valuable lessons from other safety-critical industries with mature OT security. Based on these insights, the report outlines six strategic focus areas for improvement and provides practical tools – including an OT security self-assessment checklist – to help Nordic nuclear utilities strengthen their OT cyber defenses and meet emerging regulatory requirements.