Cyber security in industrial-technical SMEs

The level of technical automation in large-scale industry is rising fast. Making this sector vulnerable to all forms of digital crime. The same applies to vital infrastructures such as energy distribution, automated bridges, locks, pumping stations and flood defenses. It has become a widely heard statement: ‘Shutdown these crucial facilities unauthorized with their high level of automation, and the whole country is going down’.

To prevent this, the sector must comply with increasingly stricter national and international regulations in the field of cybersecurity. Not only organizational and administrative, also regarding the automation of the primary technical business processes.

Demonstrably competent

To be able to comply with this, they also set increasingly higher demands on their suppliers and service providers in industrial-technical small and medium-sized enterprises (SMEs). This sizeable and important category within the Dutch economy includes machine and equipment builders, automation and installation companies, consultants, system integrators and inspectors. All of these parties must be able to demonstrate their professional competence in industrial-technical cyber security, both among themselves and toward clients. This is the only way digital security can be integrated within the chain of industrial supply and outsourcing to comply to international legislation and standards.



One out of five SMEs has been a victim of cyber-crime in the past, says Marcel Jutte, managing director of Hudson Cybertec, the independent cyber security solution provider for the IACS-domain (also known as Operational Technology, OT). So far without major consequences, but that can change quickly. Because of the recovering economy versus rapidly growing shortage of technical skilled personnel, industrial SMEs are increasingly automating their own production processes. With this increased automation, the same security rules and standards must be observed as used by their clients.

The weakest link

Jutte: “Especially in The Netherlands, these SME-organizations produce high-quality automated machines, products and subsystems for large, vital and vulnerable infrastructures and branches of industry nationally and internationally. The SMEs are in danger of becoming the weakest link in the cyber security chain. They usually manage their internal administrative and logistic automation adequately, just like the industrial automation that they use in their own production lines, machines and subsystems which delivered to other branches within the industry. But this does not yet apply to its demonstrable protection against cyber-crime.


With the digitalization of society, an airtight international system for cyber security becomes a necessity. The European Directive Network & Information Security (NIS), called the ‘Netwerk en Informatiebeveiliging-Richtlijn’ (the NIB-Richtlijn) in the Netherlands, will become mandatory. This is achieved by national legislation called the ‘Wet beveiliging netwerk- en informatiesystemen’ (Wbni) in the Netherlands by the end of this year.

Branches like hospitals, communication- and energy companies, and the high-risk branches within the heavy industry will have a duty to report, just like the asset owners of vital infrastructures.

In that context, companies and organizations must set requirements for their technical suppliers and service providers in the SME. Several government agencies, end-users in the vital infrastructure, as well as some of the first industrial installation companies/system integrators have already had their specialists certified by the NEN for the knowledge on the IEC 62443 standard.


Hudson Cybertec is expanding its services to the industrial-technical SME. The Ministry of Economic Affairs and Climate Policy, is also increasingly supporting this link in the security chain. This is done in cooperation with other companies in the sector and entrepreneurial organizations in the Netherlands, involving collaboration with universities, knowledge centers and companies like Hudson Cybertec.

The independent cyber security solution provider Hudson Cybertec has developed a specialized short ‘cyber security assessment’ or ‘cyber security scan’ for entrepreneurs in the industrial-technical SME, which are based on the IEC 62443 standard.

Jutte: “These companies are already in contact with IT’ers, but mainly about administrative automation. But now it is about the automation of cybersecurity in their own production systems, and the machines and technical systems they deliver to their clients. When they employ system integrators, consultants or own employees who have been trained and certificated for this, they have already complied with a large part of the stricter requirements.

 Lees het volledige artikel hier


In the spotlight

Monitoring your OT environment is essential. You know what is happening on your network and see to what extent you are compliant with various cyber security standards and laws and regulations.

IEC 62443 Standard

The IEC 62443 standard offers your organization tools to improve the digital security and safety of your IACS environment. Implementation of the standard improves the cybersecurity level of your organization's OT / ICS / SCADA environment.

The IEC 62443 is the international cybersecurity standards framework for operational technology (OT). The framework consists of a collection of standards, technical reports and related information for securing Industrial Automation and Control Systems (IACS).

read more

Hudson Cybertec’s IEC 62443 Competence Center has extensive experience with this standard. We play an active role in the development of the standard, actively promote it internationally and have developed a training program around the IEC 62443.

read more

It is becoming increasingly important for organizations to be able to demonstrate that the digital security of the OT environment is in accordance with standards frameworks. It is therefore possible to certify (parts of) your IACS environment according to IEC 62443.

read more

If you want to know more about this standard and need training on how to apply it within your own organization or at your clients, Hudson Cybertec has a number of very interesting training courses for you.

read more

The IEC 62443 standard provides organizations with tools to improve the digital security and safety of OT / ICS / SCADA environments.

read more

How digitally safe is your organization?

Curious about the possibilities? Please contact us!

Contact us


Sign up for our newsletter. We will keep you posted on the latest developments in our cybersecurity services.

  • This field is for validation purposes and should be left unchanged.