Publicaciones Publications
Publication of the Business Case of Industrial Cybersecurity notebook
Those responsible for industrial cybersecurity must counter threats and plan based on continuous improvement, in line with the continuous technological and other changes that companies face in order to be competitive.
To prepare a project, or rather, to start it, in many occasions it implies substantial changes in the company and / or the need to do a CAPEX. For the latter, internal conformity is needed. And to obtain it, the most widely used means is to submit the project for formal approval through a business case.
There is not normally the figure of an OT cybersecurity manager in industrial organizations, which implies that another role assumes this responsibility, for example, in some organizations the operational security manager or the physical security manager assumes this responsibility, in other organizations it is the person in charge of operations or the person in charge of communications, although it is the person in charge of information security who is usually in charge of industrial cybersecurity. This situation has been taken into account in the development of this document.
This document is available to active subscription members of CCI at the knowledge platform.
The document can be acquired by requesting it from info@cci-es.org
Title
05/05/2026
This document analyzes the success story of Project Hammurabi at Grupo Central Lechera Asturiana, using the NIS2 Directive as a driver to transform its industrial cybersecurity into a model of strategic maturity and governance. Through a structure that emulates the historical legal code, the author José Luis Vega Pardo details the transition from a system of scattered controls to a robust Master Plan that integrates IT and OT environments. […]
22/04/2026
This document analyzes the role of digital twins as a strategic tool to strengthen cybersecurity in industrial environments. Through a technical analysis and a manufacturing use case, the text examines their benefits, implementation challenges, and capabilities for threat simulation. It provides key recommendations for integrating these virtual replicas as essential assets for the operational resilience […]
15/04/2026
This document analyzes OT cybersecurity risks in the railway sector, considered an essential infrastructure. Through expert assessment, it models two key attacks: traffic management intrusion and “trackside” system manipulation. The report details the phases of these incidents, from initial access to systemic impact on operations. Finally, it proposes strategic solutions under the IEC 62443 standard […]
24/11/2025
The new Industrial CRA Position Paper from the Industrial Cybersecurity Center highlights a critical need: adapting the European Cyber Resilience Regulation to the reality of OT environments. Critical infrastructures, legacy systems, decades-long life cycles, and the absolute priority of availability make it impossible to apply the CRA as currently designed. The document proposes a multisectoral […]