Industrial cybersecurity in Galicia: from regulation to real-world operation

By Beatriz González, IS Consultant at Inprotech.


The publication of AMTEGA’s catalogue of best practices and controls for ICS environments comes at a particularly relevant moment for Galician industry. The combination of greater connectivity, IT/OT convergence and new regulatory requirements is raising the level of exposure for factories, critical infrastructure and essential services.
The great value of this document is that it avoids a simplistic view of industrial cybersecurity. It does not propose a closed list of products or a universal recipe, but rather a functional framework for understanding which controls to apply, when to prioritise them and how to adapt them to each organisation’s reality.

Security designed to operate

In industrial environments, availability matters as much as confidentiality. A technically correct control may be inapplicable if it compromises the process, breaks continuity or alters functional safety.
That is why the catalogue insists on a pragmatic approach: defence in depth, risk analysis and gradual deployment of measures. Segmentation, access restriction, network visibility and enhanced monitoring stop being “good ideas” and become operational pillars.

Compensating controls: key in OT

One of the most valuable aspects of the document is its attention to compensating controls. In OT, it is not always possible to patch, shut down or replace an asset with the speed that a traditional IT policy would require.
In that context, an effective control may come from limiting access, hardening configurations, reducing exposure, controlling external devices or reinforcing early detection. In other words, managing risk with operational intelligence, not just technology.

IT and OT: the same risk surface

The convergence between IT and OT has widened the attack surface of industrial organisations. Today, email, remote access, cloud services, digital identity and centralised event management are also part of the industrial security equation.
This integrated view is especially important for Galicia, where industry needs to combine productivity, resilience and compliance in an increasingly regulated environment. In practice, this requires aligning operations, maintenance, engineering and cybersecurity teams under a single set of priorities.

From guidance to continuous improvement

More than a theoretical document, this catalogue works as a roadmap. It allows organisations to identify gaps, prioritise investments and build a realistic maturity plan, tailored to each organisation’s resources and risk.
The main lesson is clear: industrial cybersecurity is not solved with a single isolated tool, but with a coherent strategy that combines people, processes and technology.
In a context where NIS2, IEC 62443 and pressure on the supply chain are setting the pace, having a practical, locally relevant reference point represents a competitive advantage for Galician industry.
