In an increasingly connected industry, security is becoming more important. With the NIS-2 directive since mid-October, cybersecurity is now mandatory. IT and OT must be considered together in this context. Digital labs offer a practical development environment for this purpose.
An OT hackathon at Vinci Energies' digital forge demonstrated in a practical way how IT/OT cybersecurity solutions can be developed for the process industry.
Whether denial-of-service, malware, or ransomware attacks—or a unique case like the Stuxnet computer worm—cyberattacks have become an everyday threat. The manufacturing industry, in particular, is increasingly becoming a target. According to a recent study by Cisco, Europe's industry is not well-prepared: more than 80 percent of industrial companies need to take action for better cybersecurity. Since, among other things, the control of plants and machines in industrial parks is often carried out by various process control systems, tailor-made cybersecurity solutions must be developed—there is no standard.
What such a development process looks like in practice was recently demonstrated by an OT hackathon at Vinci Energies' Digital Lab, the Digitalschmiede. Among the numerous use cases exhibited, there is also an application from the process industry that excellently showcases the challenges of IT/OT cybersecurity concepts. Three mixed teams from the Vinci Energies brands Actemium and Axians participated to develop an IT/OT cybersecurity concept for the process industry use case within three days.
Challenges of IT/OT security
With the upcoming implementation of the EU Directive NIS 2, the scope has been significantly expanded compared to its predecessor NIS 1: among other aspects, companies with at least 50 employees are included, and stricter security requirements and incident reporting obligations must be observed. Additionally, there is personal liability for the management and the board in case of non-compliance. This is a major challenge for the manufacturing industry, which must prepare for it.
In addition to legacy systems and the human factor, system landscapes such as various process control systems provide a large attack surface in industrial companies. This is especially true as IT and OT systems are increasingly interconnected—for example, through remote maintenance access and the widespread use of IP-based network protocols. The growing reliance on IT systems in the industry requires increased protection of cyber-physical systems, such as production facilities, automation technology, and operational technology. At the same time, many OT networks lack the necessary protection mechanisms to detect attacks or respond to them if the network is compromised.
The increased use of technologies such as machine learning and big data, along with differing requirements in IT and OT, contributes to the complexity of security requirements. For instance, IT is increasingly relying on cloud solutions, while in OT, portable storage media still hold significant importance.
Advantages of collaboration in business ecosystems
For the OT hackathon, a use case from the process industry set up in the Digitalschmiede was used. The basis of the system is a tank model equipped with various cameras and sensors for remote monitoring and control of process supervision. It visualizes process flows, controls plant components, and records data for analysis purposes. It also serves as a demonstrator for various process control systems from partners Siemens, B&R, and Schneider Electric, where the integration of the Module Type Package allows for easy communication among them.
The use case exemplifies how industrial plants are constructed and operated. Due to its complexity, it requires expertise from both IT (Axians) and OT (Actemium) and the constructive collaboration between the OT and IT worlds to develop comprehensive, efficient, and NIS-2-compliant cybersecurity concepts. The three OT hackathon teams received support from the aforementioned OT partners, cybersecurity solution provider Fortinet, and penetration testers from Soft Scheck, who provided valuable input. Such close collaboration between internal and external experts highlights the advantages of business ecosystems: open sharing to pool expertise closes gaps, creates a common understanding, and enables the development of innovative and tailor-made solutions even in very complex environments.
Seamless transition to customer challenges
After an intensive three-day exchange and careful planning, the three teams presented their different, integrative cybersecurity concepts to the jury, consisting of representatives of the partners. The teams developed a holistic concept that considered physical, technological, and organizational measures. In the joint discussion, the teams agreed to use protection level 3 according to the IEC 62443 standard as the benchmark for the security measures. A protection level 3 means that the showcase is to be protected against intentional misuse by sophisticated methods, specific expertise, and moderate motivation and resources. The insights and concepts gained here will now be further developed into a concrete overall solution and integrated into the tank model for demonstration purposes. The event thus served as a practical example: within the framework of the OT hackathon, it was vividly demonstrated to partners how the development of tailor-made concepts for IT/OT security can be successfully achieved in reality—and in the shortest possible time.
Date: 08.12.2025
Naturally, we always handle your personal data responsibly. Any personal data we receive from you is processed in accordance with applicable data protection legislation. For detailed information please see our privacy policy.
Consent to the use of data for promotional purposes
I hereby consent to Vogel Communications Group GmbH & Co. KG, Max-Planck-Str. 7-9, 97082 Würzburg including any affiliated companies according to §§ 15 et seq. AktG (hereafter: Vogel Communications Group) using my e-mail address to send editorial newsletters. A list of all affiliated companies can be found here
Newsletter content may include all products and services of any companies mentioned above, including for example specialist journals and books, events and fairs as well as event-related products and services, print and digital media offers and services such as additional (editorial) newsletters, raffles, lead campaigns, market research both online and offline, specialist webportals and e-learning offers. In case my personal telephone number has also been collected, it may be used for offers of aforementioned products, for services of the companies mentioned above, and market research purposes.
Additionally, my consent also includes the processing of my email address and telephone number for data matching for marketing purposes with select advertising partners such as LinkedIn, Google, and Meta. For this, Vogel Communications Group may transmit said data in hashed form to the advertising partners who then use said data to determine whether I am also a member of the mentioned advertising partner portals. Vogel Communications Group uses this feature for the purposes of re-targeting (up-selling, cross-selling, and customer loyalty), generating so-called look-alike audiences for acquisition of new customers, and as basis for exclusion for on-going advertising campaigns. Further information can be found in section “data matching for marketing purposes”.
In case I access protected data on Internet portals of Vogel Communications Group including any affiliated companies according to §§ 15 et seq. AktG, I need to provide further data in order to register for the access to such content. In return for this free access to editorial content, my data may be used in accordance with this consent for the purposes stated here. This does not apply to data matching for marketing purposes.
Right of revocation
I understand that I can revoke my consent at will. My revocation does not change the lawfulness of data processing that was conducted based on my consent leading up to my revocation. One option to declare my revocation is to use the contact form found at https://contact.vogel.de. In case I no longer wish to receive certain newsletters, I have subscribed to, I can also click on the unsubscribe link included at the end of a newsletter. Further information regarding my right of revocation and the implementation of it as well as the consequences of my revocation can be found in the data protection declaration, section editorial newsletter.
The two Vinci Energies brands Actemium and Axians have been working together for some time as industrial guardians in cross-functional teams, developing future-proof cybersecurity solutions for industrial customers so that they can fully comply with the NIS-2 directive. The hackathon has once again highlighted the importance of digital labs or innovation labs: when their work is oriented towards practical needs and comprehensive knowledge transfer takes place, they offer an ideal development environment to make a significant contribution to digitization strategies.
:quality(80)/p7i.vogel.de/wcms/af/1e/af1ec4fca4636f521f780ba0ae009c8e/bild3-werkst-c3-bcck-20und-20werkzeug-5204x2928v1v1.jpeg "The main area of application for the new axial gear cutting machine is the production of rotor shafts for electric vehicles. (Image:Profiroll Technologies)")
:quality(80)/p7i.vogel.de/wcms/d1/ab/d1ab452217529e5c29a81add9aca7c22/0128871322v1.jpeg "Only one year to go: the new EU Machinery Regulation makes cybersecurity mandatory. Companies should act now. (Picture: ©Pisit - stock.adobe.com)")
:quality(80)/p7i.vogel.de/wcms/88/53/8853f7df2fe47a3d2c6f1879f6ac38e6/newsimage417073-1500x843v1v1.jpeg "Measuring setup for friction stir welding: Modular acoustic measuring system with flexibly positioned microphones for recording tool wear and process deviations in real time. (Image:Fraunhofer IDMT)")
:quality(80)/p7i.vogel.de/wcms/28/75/28751a17e2bcca46e53a1e7b8a84c433/schmersal-tiepner-029-6749x3796v1v1.jpeg "Tiepner's compact system produces ID cards made of laminated plastic, which are used as customer cards, ID cards or cheque cards, among other things. Left in the picture: Christian Höltge, Managing Director of Tiepner GmbH. (Image:Tiepner GmbH)")
:quality(80)/p7i.vogel.de/wcms/cd/fe/cdfe212a3b3206e2ff09dcdf71c11240/0129219561v1.jpeg "Extended S-series: The new Cobot models from Omron lift up to 30 kilograms and are now also protected against dust and water thanks to protection class IP65. (Image:Omron)")
:quality(80)/p7i.vogel.de/wcms/c3/6d/c36d161e7709095fd1de4cb9de27d927/0129133682v1.jpeg "Nanjing is Siemens' largest research and production center for CNC systems, drives and electric motors outside Germany. (Image:Siemens)")
:quality(80)/p7i.vogel.de/wcms/70/dc/70dc2fbc09e6958a72c63bd15e986e14/0129206156v1.jpeg "The global shoe machine manufacturer Desma relies on automation and has been revolutionizing shoe production—together with ABB Robotics for over 40 years. (Image:ABB Robotics)")
:quality(80)/p7i.vogel.de/wcms/60/fd/60fd12ddfe1fb623568736f27d1cfe61/0128606899v1.jpeg "The future of supply chains: AI and dashboards to ensure optimal OTIF values (Picture: ©immimagery - stock.adobe.com)")
:quality(80)/p7i.vogel.de/wcms/39/38/393873c2ed943bb715a6419d94049b63/geralt-entrepreneur-1340649-1280-1280x720v1v1.jpeg "Visual Components presents its forecast for production simulation in 2026. (Image:Pixabay)")
:quality(80)/p7i.vogel.de/wcms/60/4e/604e2a1ce26f177c5f28c2bff94c2f7d/der-20rotor-20mit-20aktiv-20verwindbaren-20rotorbl-c3-a4ttern-20im-20windkanal-1920x1079v1v1.jpeg "The rotor with actively twistable rotor blades in the wind tunnel: The open measuring section and sound-absorbing wall and model fuselage cladding enable high-quality acoustic measurements. (Image:DLR)")
:quality(80)/p7i.vogel.de/wcms/a8/9a/a89aef1cba3843fa06a1ec1f07cf659b/adobestock-95634179--c2-a9-20crazyforanimeart-20-e2-80-93-20stock-adobe-com-4762x2678v1v1.jpeg "Copied from the octopus: Researchers have developed a film-like thin-film platform that can dynamically change not only its color but also its surface structure. (Image:AdobeStock_95634179_ CrazyForAnimeArt)")
:quality(80)/p7i.vogel.de/wcms/2b/fb/2bfbb9fa26274cb8f6e8979c24a3d08e/0129243542v1.jpeg "In some cases, the new additively manufactured lightweight bearings only reach
11 percent of the weight of comparable steel bearings. (Image:Rosswag Engineering)")
:quality(80)/p7i.vogel.de/wcms/25/11/25111828d56b46dc0dc3b717ac2dfcfa/0129276081v1.jpeg "According to media reports, Ford is negotiating with Geely about cooperation in production and technology. (Image:Ford)")
:quality(80)/p7i.vogel.de/wcms/b7/2d/b72dfd1458e86652491018914478cb00/0129259253v1.jpeg "The green belt of VW Palmela - including two geothermal fields and a new paint shop. (Image:VW Group)")
:quality(80)/p7i.vogel.de/wcms/cb/76/cb76d0c686e8dbc8b0e0b6961e3849c7/0129249515v1.jpeg "The Chinese Ministry of Industry and Information Technology has developed binding standards for retractable vehicle door handles. (Image:BYD)")
:quality(80)/p7i.vogel.de/wcms/42/0a/420a796e6b9d9e3bf27d89d4fe425d84/0129264331v1.jpeg "Polestar presented the new Model 5 live. (Image:Polestar)")
:quality(80)/p7i.vogel.de/wcms/6f/8f/6f8ff5bf9b81829ef22736bc790cecca/0129224894v1.jpeg "View of the quantum optics laboratory at the University of Stuttgart: here, researchers are experimenting with new photon sources for quantum computing and quantum networks. (Image:Barz Group, University of Stuttgart)")
:quality(80)/p7i.vogel.de/wcms/52/3a/523ac3157ae4b4f596c7241c89127061/0129260553v1.jpeg "This artistic illustration shows a thermal analog calculator that performs calculations using excess heat and is embedded in a microelectronic system. (Image:Jose-Luis Olivares, MIT)")
:quality(80)/p7i.vogel.de/wcms/d1/f4/d1f4508c6b79ec2f0432b34a6fa33a98/0114966184v1.jpeg "The Infineon headquarters Campeon in Neubiberg, Munich. (Image:Infineon)")
:quality(80)/p7i.vogel.de/wcms/fa/d3/fad3872cf3f110f43411f2dce9e8f23a/0129265762v1.jpeg "Siemens Energy has discovered the USA as a prosperous growth market for network technology and gas turbines! In order to be able to meet demand at some point, the company is already digging deeper into its pockets ... (Image:Siemens Energy)")
:fill(fff,0)/images.vogel.de/vogelonline/companyimg/76800/76895/65.jpg "FAULHABER_120mm.jpg ()")
:fill(fff,0)/p7i.vogel.de/companies/67/eb/67eba621ef6ea/logo2.png "logo2 (Wuxi InfiMotion)"){kind=logo}
:quality(80)/p7i.vogel.de/wcms/56/a0/56a0b540c47f6131d98539ff0648dcee/0128235887v1.jpeg "New EU laws such as the Cyber Resilience Act and NIS-2 require companies to systematically protect their digital infrastructure. (Picture: ©AD - stock.adobe.com)")
:quality(80)/p7i.vogel.de/wcms/49/29/4929e9145217933764207c891eab9024/0126622587v1.jpeg "In the future, companies must establish effective risk management focused on network security, access control, and incident response. (Image:Softing Industrial)")