Cyber Ireland’s Operational Technology Security (OTSec) Special Interest Group (SIG) hosted its annual in-person event on 8th October 2025, as part of the Cyber Ireland National Conference (CINC25) side events at the Lyrath Estate, Kilkenny.
Themed “Outside In – Connecting the Dots for OT Cyber Resilience”, the session brought together experts, operators, and cybersecurity professionals from across Ireland to explore how compliance, third-party risk, and investment intersect to build stronger OT security.
Enhancing Compliance and Preparedness through Cyber Fundamentals & NIS2
Speaker: Ciaran Boner, NCSC
The event opened with an overview of how organisations can prepare for upcoming regulatory requirements, including NIS2, through practical frameworks such as CyFun 2025 — Ireland’s updated CyberFundamentals framework.
CyFun 2025 integrates supply chain and operational technology considerations more deeply than before, aligned with NIST CSF 2.0 and European legislation. It provides a structured, risk-based maturity model adaptable to organisations of all sizes, and will become a key tool for demonstrating NIS2 compliance in the years ahead.
Third-Party Risk Management: Why OT Security Starts Outside Your Walls
Speaker: Will O’Brien, PwC
The presentation focused on third-party risk management (TPRM) as a cornerstone of OT security. Drawing on findings from PwC’s Global Digital Trust Insights Survey 2025, he highlighted that:
- 48% of Irish respondents see third-party breaches as their top OT security concern.
- 33% of attacks target connected products directly, with 42% cloud-related threats and 38% hack-and-leak operations, as IT and OT environments converge.
Real-world case studies illustrated how attackers are exploiting vendor access and supply chains to compromise critical infrastructure. It outlined practical steps to strengthen TPRM, including supplier segmentation, continuous monitoring, and clear contractual cybersecurity requirements, to ensure defences extend beyond the organisation’s perimeter.
Securing the Future: Making the Business Case for OT Cybersecurity
Speaker: Ian Fahey, KPMG
The third keynote addressed the strategic dimension of OT security: making the business case for investment. It explored how boards and executives often perceive cybersecurity as a cost centre, and how reframing it as an enabler of resilience and competitive advantage can unlock funding and strategic support.
Key themes included:
- Aligning cybersecurity with business outcomes and performance metrics.
- Building cyber literacy at board level to drive informed decision-making.
- Moving from reactive investment after incidents to proactive, business-aligned planning.
- Leveraging technology strategically to reduce costs and increase trust.
The message was clear: embedding OT cybersecurity within the business strategy is essential to keep pace with digital transformation and regulatory expectations.
Panel Discussion: Connecting the Dots for OT Resilience
The session concluded with a panel discussion, moderated by Dónal Óg Cusack, Chair of the OTSec SIG. Panellists representing both government and industry explored how to “connect the dots” between regulatory compliance, third-party risk, and business priorities to strengthen OT resilience in practice.
The discussion reflected a shared recognition that OT cybersecurity is no longer optional. As digitalisation accelerates, organisations must align governance, operations, and supply chain security to protect critical infrastructure.
Cyber Ireland's OTSec Special Interest Group
Find more information on how to join the OTSec SIG and our upcoming activities – here
To join our OTSec SIG to keep up to date with our activities and events – sign-up here.
Next OTSec Event
Join us at the ISA Ireland OT Cybersecurity Conference, in partnership with Cyber Ireland, at the Mullingar Park Hotel, Mullingar, Co. Westmeath, 18th of November 2025 – Register here
