Mikael Vingaard

15 years of IT security experience & 10 years more within industrial (OT) critical infrastructure (energy, manufacturing, water and transportation). Subject Matter Expert in ISO27001, IEC62443 and NERC CIP standards. My contributions to a safer industrial environment, includes finding Zero-days and submission of responsible disclosure notification to leading vendors.

Mikael Vingaard, the Industrial Cibersecurity Center Coordinator in Sweden (CCI Coordinators Team), helps us to get in context of the state of the industrial cybersecurity in his country, and to do so, he shares with us his impressions.

He describes the level of sensitivity of industrial organizations in his country according to the following percentages:


He also affirms that the trend of recent years has been an exponentially grown in awareness.

Sweden counts with local and national public bodies promoting an adequate legal framework, in order to ensure the progressive incorporation of industrial cybersecurity measures in national presence companies (mainly critical infrastructure). The main organizations are:

  • Swedish Agency for Defence Analysis
  • MSB – Swedish Civil Contingencies Agency
  • The Swedish Energy Agency
  •  Myndigheten för totalförsvarsanalys (MTFA)  (joint agency for defence)
  • Riksdagen (the Parliament)

Among the main national laws and regulations affecting in this context in Sweden, Mikael Vingaard mentions:

  • MSB - The regulations on information security MSBFS 2020:7
  • National strategy for society's information and cyber security (Riksdagen)
  • Information and cyber security in Sweden SOU 2015:23

Analysing the most widely adopted industrial cybersecurity measures by Sweden organizations to protect industrial automation systems, Mikael Vingaard highlights the application of:

  • Industrial cybersecurity consulting / advisory
  • Log correlation

The CCI Coordinator in Sweden characterizes the industrial cybersecurity situation in his country with the following SWOT analysis:


  • Lack of operational technologies certifications, processes and professionals

  • Lack of specific industry cybersecurity legislation


  • Public organizations driven force (industry, national issues and defence).

  • Awareness, especially regarding industrial critical infrastructures

  • National industrial cybersecurity specific CERTs


  • High development of industrial applications without cybersecurity requirements

  • Slow legislation

  • Shortage of local industrial cybersecurity professionals working for manufacturers


  • Increased of cibersecurity demand for Industry 4.0 and the Internet of things.

  • Strategic position in the industrial cyber security sector

Patrocinadores del Centro en el País