{"id":22797,"date":"2026-06-24T10:24:07","date_gmt":"2026-06-24T08:24:07","guid":{"rendered":"https:\/\/mjolner.dk\/?p=22797"},"modified":"2026-06-29T14:14:42","modified_gmt":"2026-06-29T12:14:42","slug":"ot-security-in-practice-how-management-works-with-the-scenarios-that-can-hit-operations-the-hardest","status":"publish","type":"post","link":"https:\/\/mjolner.dk\/en\/blog\/ot-security-in-practice-how-management-works-with-the-scenarios-that-can-hit-operations-the-hardest\/","title":{"rendered":"OT security in practice: How management works with the scenarios that can hit operations the hardest"},"content":{"rendered":"<h1>\n<p>OT security in practice: How management works with the scenarios that can hit operations the hardest<\/p>\n<\/h1>\n<div>\n<p data-start=\"0\" data-end=\"202\">When a control system becomes unavailable, vendor access fails, or a plant cannot be controlled as expected, OT security quickly becomes a matter of operations, responsibility and decision-making power.<\/p>\n<p data-start=\"204\" data-end=\"484\">For energy and utility companies, OT security is therefore not only about protecting systems. It is about ensuring that the most important functions can continue when something goes wrong. That is why management should start with the scenarios that can hit operations the hardest.<\/p>\n<p data-start=\"486\" data-end=\"733\">This is the third post in our series on OT security in the energy and utilities sector. In the first two posts, we focused on why OT security has become a management concern, and why OT cannot be handled with the same logic as classic IT security.<\/p>\n<p data-start=\"735\" data-end=\"797\" data-is-last-node=\"\" data-is-only-node=\"\">If you have not read them yet, they are a good place to start:<\/p>\n<p data-start=\"735\" data-end=\"797\" data-is-last-node=\"\" data-is-only-node=\"\"><a href=\"https:\/\/mjolner.dk\/en\/blog\/when-it-and-ot-meet-3-classic-mistakes-management-should-avoid\/\">When IT and OT meet: 3 classic mistakes management should avoid<\/a><\/p>\n<p data-start=\"735\" data-end=\"797\" data-is-last-node=\"\" data-is-only-node=\"\"><a href=\"https:\/\/mjolner.dk\/en\/blog\/0t-security-5-tips-for-management\/\">New risks, new requirements: 5 OT security tips for management<\/a><\/p>\n<\/div>\n<div>\n<p data-start=\"0\" data-end=\"186\">With that as our starting point, we now move from recognition to practice. Because once management has understood why OT security requires a different approach, the key question becomes:<\/p>\n<p data-start=\"188\" data-end=\"229\"><strong>How do you work with OT risk in practice?<\/strong><\/p>\n<p data-start=\"231\" data-end=\"599\">The perspectives in this post are based on experience and recommendations from Mj\u00f8lner\u2019s domain experts in the energy and utilities sector, <a href=\"https:\/\/www.linkedin.com\/in\/jakobhviid\/\">Jakob Hviid<\/a> and <a href=\"https:\/\/www.linkedin.com\/in\/andr%C3%A9-bryde-alnor-664ba615\/\">Andr\u00e9 Bryde Alnor<\/a>, as well as our partner <a href=\"https:\/\/www.linkedin.com\/in\/jhartig\/\">J\u00f8rgen Hartig<\/a> from <a href=\"https:\/\/securiot.dk\/frontpage\/\">SecuriOT<\/a>. They work with security, operations and digitalisation in environments where resilience, uptime and responsible decision-making are critical.<\/p>\n<p data-start=\"601\" data-end=\"833\">Many organisations start with what is easiest to identify: physical security, access control, network segmentation or individual technical controls. All of these are relevant. But they are not necessarily where the risk is greatest.<\/p>\n<p data-start=\"835\" data-end=\"923\">For OT security to create real value, management should start with a different question:<\/p>\n<p data-start=\"925\" data-end=\"998\"><strong>What could, in practice, stop or seriously affect our ability to deliver?<\/strong><\/p>\n<p data-start=\"1000\" data-end=\"1130\">That question moves the work from general security measures to concrete scenarios that management can prioritise, test and act on.<\/p>\n<h2 data-start=\"1132\" data-end=\"1175\">Start with what absolutely needs to work<\/h2>\n<p data-start=\"1177\" data-end=\"1302\">A good starting point for OT security is not a long list of technical measures. It is a more fundamental management question:<\/p>\n<p data-start=\"1304\" data-end=\"1379\">Which functions absolutely need to work for us to deliver our core service?<\/p>\n<p data-start=\"1381\" data-end=\"1629\" data-is-last-node=\"\" data-is-only-node=\"\">Because OT security is not first and foremost about protecting technology. It is about protecting the organisation\u2019s ability to function. About ensuring that electricity, heat, water or production can be maintained &#8211; even when something goes wrong.<\/p>\n<\/div>\n<blockquote>\n<p>\u201dThe essential function in our supply or production is supported by a number of sub-functions that need to be in place for everything to work optimally. These sub-functions are always supported by systems such as servers, networks and applications. If these systems fail, we come to a standstill. That is why clarifying what is acceptable, what is most critical, and how we get back up and running should be central focus points in this process.\u201d<\/p>\n<footer>\n<p>                <cite>emphasises J\u00f8rgen Hartig, Director, Strategic Advisor and Partner at SecuriOT.<\/cite><\/p>\n<\/footer>\n<\/blockquote>\n<div>\n<p data-start=\"0\" data-end=\"201\">This is a crucial distinction. While IT security often starts from access, data and system protection, OT security is largely based on the ability of operations to continue &#8211; even when something fails.<\/p>\n<p data-start=\"203\" data-end=\"450\" data-is-last-node=\"\" data-is-only-node=\"\">Jakob Hviid, Senior Solution Architect at Mj\u00f8lner, points to the same fundamental difference between the two worlds. While IT can often respond to an incident by shutting down, isolating or quickly changing systems, the premise is different in OT:<\/p>\n<\/div>\n<blockquote>\n<p>\u201cIn the OT world, it is about how you maintain the highest possible uptime. Security has a different perspective. It is also about physical infrastructure, spare parts, redundancy and contingency plans.\u201d<\/p>\n<\/blockquote>\n<div>\n<\/div>\n<div>\n<h2 data-start=\"0\" data-end=\"46\">Shift the focus from assets to consequences<\/h2>\n<p data-start=\"48\" data-end=\"107\">Many organisations are used to thinking in terms of assets:<\/p>\n<ul>\n<li data-start=\"109\" data-end=\"250\">Which plants or systems are the most expensive?<\/li>\n<li data-start=\"109\" data-end=\"250\">Which components are the most difficult to replace?<\/li>\n<li data-start=\"109\" data-end=\"250\">What is technically the most complex?<\/li>\n<\/ul>\n<p data-start=\"252\" data-end=\"395\">These are relevant questions. But they are not enough. A more mature approach is to shift the focus from plants and components to consequences:<\/p>\n<ul>\n<li data-start=\"252\" data-end=\"395\">What happens if an essential function fails?<\/li>\n<li data-start=\"252\" data-end=\"395\">What happens if a central system is unavailable for several days?<\/li>\n<li data-start=\"252\" data-end=\"395\">What happens if a supplier connection disappears at the wrong time?<\/li>\n<li data-start=\"252\" data-end=\"395\">What happens if a failure in one system spreads to other parts of operations?<\/li>\n<\/ul>\n<p data-start=\"661\" data-end=\"843\">For management, this provides a stronger basis for decision-making. When the consequence is clear, it becomes easier to prioritise the initiatives that actually reduce risk the most.<\/p>\n<h2 data-start=\"845\" data-end=\"898\">The consequences do not stop at the OT environment<\/h2>\n<p data-start=\"900\" data-end=\"1057\" data-is-last-node=\"\" data-is-only-node=\"\">An OT incident rarely affects only one system or one plant. It can impact the entire value chain around operations, production, troubleshooting and recovery.<\/p>\n<\/div>\n<blockquote>\n<p>&#8220;You may have secured your OT network as well as possible. But if operations depend on systems, processes or suppliers outside OT, you may still be vulnerable \u2014 both to attacks and in terms of getting production back up and running after an outage.&#8221;<\/p>\n<footer>\n<p>                <cite>explains Andr\u00e9 Bryde Alnor, Energy Solution Strategist at Mj\u00f8lner<\/cite><\/p>\n<\/footer>\n<\/blockquote>\n<div>\n<p class=\"isSelectedEnd\"><span>We often see this in practice. Many organisations have a good overview of their physical assets, but less insight into the dependencies surrounding them.<\/span><\/p>\n<p class=\"isSelectedEnd\"><span>These may include order flows, supplier access, support processes, data exchange, internal workflows or key personnel who turn out to be critical when something goes wrong.<\/span><\/p>\n<p class=\"isSelectedEnd\"><span>That is why it is not enough to ask whether the OT environment is protected. Management must also ask:<\/span><\/p>\n<p class=\"isSelectedEnd\"><strong>Which parts of the value chain do operations depend on \u2014 and how quickly can we return to stable operations if they fail?<\/strong><\/p>\n<h2><span>Build a few scenarios that really hurt<\/span><\/h2>\n<p><span>One of the most useful approaches is also one of the simplest: Do not start with everything. Start with a few scenarios that would have serious consequences if they became reality.<\/span><\/p>\n<\/div>\n<blockquote>\n<p>\u201dTry to define 5-6 scenarios where you can say: If this happened, it would really hurt operations.&#8221;<\/p>\n<footer>\n<p>                <cite>states Jakob Hviid, Senior Solution Architect at Mj\u00f8lner<\/cite><\/p>\n<\/footer>\n<\/blockquote>\n<div>\n<p class=\"isSelectedEnd\"><span>It is good advice because it forces the organisation to prioritise. Instead of trying to map every conceivable risk, management can begin with a limited number of incidents that would have serious consequences for operations, supply, safety or reputation.<\/span><\/p>\n<p class=\"isSelectedEnd\"><span>These could, for example, be scenarios such as:<\/span><\/p>\n<ul>\n<li class=\"isSelectedEnd\"><span>A central control system is unavailable for several days<\/span><\/li>\n<li class=\"isSelectedEnd\"><span>An external supplier loses access to a critical environment<\/span><\/li>\n<li class=\"isSelectedEnd\"><span>A plant cannot be controlled as expected<\/span><\/li>\n<li class=\"isSelectedEnd\"><span>An incident in one system affects other parts of operations<\/span><\/li>\n<li class=\"isSelectedEnd\"><span>A key person or critical support function is unavailable during an incident<\/span><\/li>\n<\/ul>\n<p class=\"isSelectedEnd\"><span>The scenarios do not have to be perfect from the start. What matters is that they are concrete enough for the organisation to begin asking the right questions.<\/span><\/p>\n<h2><span>Make time part of the risk<\/span><\/h2>\n<p class=\"isSelectedEnd\"><span>A scenario becomes far more useful when you add time.<\/span><\/p>\n<p class=\"isSelectedEnd\"><span>It is one thing to say that a system can go down. It is another to ask what it means if it is down for 24, 48 or 72 hours. Then the risk becomes concrete: How long can the function be affected before it impacts supply, safety or operations? Which emergency processes can keep operations running in the meantime? And which suppliers, spare parts or key people are critical to returning to stable operations?<\/span><\/p>\n<p class=\"isSelectedEnd\"><span>Scenario thinking connects security with contingency planning, recovery and concrete courses of action.<\/span><\/p>\n<h2><span>Use the scenarios to prioritise correctly<\/span><\/h2>\n<p class=\"isSelectedEnd\"><span>When the most important scenarios are clear, it becomes easier to determine which investments actually reduce risk the most.<\/span><\/p>\n<p class=\"isSelectedEnd\"><span>This could be technical controls, better visibility into the OT landscape, tighter management of supplier access, contingency plans, testing, spare parts or clear decision paths during an incident.<\/span><\/p>\n<p class=\"isSelectedEnd\"><span>What matters is that prioritisation is based on the consequence for operations and supply &#8211; not only on what is easiest to implement.<\/span><\/p>\n<p><span>Jakob puts the difference like this:<\/span><\/p>\n<\/div>\n<blockquote>\n<p>\u201cOn the IT side, it is often about protecting data from unauthorised access. In OT, maintaining the value chain plays a much larger role.\u201d<\/p>\n<\/blockquote>\n<div>\n<p class=\"isSelectedEnd\"><span>In OT, it is precisely the ability to maintain the value chain that must guide the work.<\/span><\/p>\n<h2><span>OT risk requires several perspectives<\/span><\/h2>\n<p class=\"isSelectedEnd\"><span>Scenario work cannot be handled by one function alone.<\/span><\/p>\n<p class=\"isSelectedEnd\"><span>There must be clear ownership, but the work only becomes strong when several relevant perspectives are brought into play. OT risk rarely arises in one place. It arises in the interaction between plant operations, IT, suppliers, contingency planning and the business.<\/span><\/p>\n<p class=\"isSelectedEnd\"><span>That is why the scenarios should not only be assessed by OT specialists. They should be reviewed together with the functions that need to act if the scenario becomes reality.<\/span><\/p>\n<p class=\"isSelectedEnd\"><span>For management, the task is to establish a structure where the relevant disciplines work together to assess risk, consequence and possible actions. Otherwise, OT security risks becoming either an isolated specialist project or a risk register with no real impact on operations.<\/span><\/p>\n<h2><span>From concern to decision<\/span><\/h2>\n<p class=\"isSelectedEnd\"><span>OT security only becomes truly valuable when it moves from being a diffuse concern to becoming a way to make better decisions.<\/span><\/p>\n<p class=\"isSelectedEnd\"><span>That is exactly what scenario thinking can do.<\/span><\/p>\n<p class=\"isSelectedEnd\"><span>It helps the organisation focus on what matters most. It makes risk concrete. It creates a shared language between management, operations and specialists. And it makes it easier to prioritise both investments and initiatives.<\/span><\/p>\n<p class=\"isSelectedEnd\"><span>Management can start with four questions:<\/span><\/p>\n<ol>\n<li class=\"isSelectedEnd\"><span>Which functions absolutely need to work for us to deliver our core service?<\/span><\/li>\n<li class=\"isSelectedEnd\"><span>Which 5-6 scenarios would hit operations the hardest?<\/span><\/li>\n<li class=\"isSelectedEnd\"><span>How long can we tolerate central systems or supplier connections being unavailable?<\/span><br \/><span><\/span><\/li>\n<li class=\"isSelectedEnd\"><span>Who owns the responsibility for testing, prioritising and following up?<\/span><\/li>\n<\/ol>\n<p class=\"isSelectedEnd\"><span>The most important thing is not to find all the answers at once.<\/span><\/p>\n<p class=\"isSelectedEnd\"><span>The most important thing is to get started with the few scenarios that really matter. Because once they are clear, it also becomes clearer which systems, processes, suppliers and decisions are truly critical.<\/span><\/p>\n<p><span>At Mj\u00f8lner, we help energy and utility companies translate OT risk into concrete scenarios, priorities and decision-making foundations that management, operations and specialists can act on.<\/span><\/p>\n<\/div>\n<div>\n<h3>Do you want to strengthen OT security without obstructing operations?<\/h3>\n<div>\n<p>When IT and OT converge, there is rarely one standard solution. Have an informal conversation with Andr\u00e9 about how you can strengthen OT security without compromising operations, uptime and safety.<\/p>\n<\/div>\n<\/div>\n<div>\n<h3>Email<\/h3>\n<p>aba@mjolner.dk<\/p>\n<\/div>\n<div>\n<h3>Phone<\/h3>\n<p>+45 23 46 04 45<\/p>\n<\/div>\n<div>\n<div class=\"_form_41\"><\/div>\n<p><script src=\"https:\/\/mjolnerinformatics.activehosted.com\/f\/embed.php?id=41\" charset=\"utf-8\"><\/script>\n<\/div>\n<p><!--more--><br \/>\n<!-- {\"type\":\"layout\",\"children\":[{\"type\":\"section\",\"props\":{\"image_position\":\"center-center\",\"style\":\"default\",\"title_breakpoint\":\"xl\",\"title_position\":\"top-left\",\"title_rotation\":\"left\",\"vertical_align\":\"\",\"width\":\"default\"},\"children\":[{\"type\":\"row\",\"children\":[{\"type\":\"column\",\"props\":{\"image_position\":\"center-center\",\"position_sticky_breakpoint\":\"m\"},\"children\":[{\"type\":\"headline\",\"props\":{\"content\":\"\n\n<p>OT security in practice: How management works with the scenarios that can hit operations the hardest<\\\/p>\",\"title_element\":\"h1\"}},{\"type\":\"text\",\"props\":{\"column_breakpoint\":\"m\",\"content\":\"\n\n<p data-start=\\\"0\\\" data-end=\\\"202\\\">When a control system becomes unavailable, vendor access fails, or a plant cannot be controlled as expected, OT security quickly becomes a matter of operations, responsibility and decision-making power.<\\\/p>\\n\n\n<p data-start=\\\"204\\\" data-end=\\\"484\\\">For energy and utility companies, OT security is therefore not only about protecting systems. It is about ensuring that the most important functions can continue when something goes wrong. That is why management should start with the scenarios that can hit operations the hardest.<\\\/p>\\n\n\n<p data-start=\\\"486\\\" data-end=\\\"733\\\">This is the third post in our series on OT security in the energy and utilities sector. In the first two posts, we focused on why OT security has become a management concern, and why OT cannot be handled with the same logic as classic IT security.<\\\/p>\\n\n\n<p data-start=\\\"735\\\" data-end=\\\"797\\\" data-is-last-node=\\\"\\\" data-is-only-node=\\\"\\\">If you have not read them yet, they are a good place to start:<\\\/p>\\n\n\n<p data-start=\\\"735\\\" data-end=\\\"797\\\" data-is-last-node=\\\"\\\" data-is-only-node=\\\"\\\"><a href=\\\"https:\\\/\\\/mjolner.dk\\\/en\\\/blog\\\/when-it-and-ot-meet-3-classic-mistakes-management-should-avoid\\\/\\\">When IT and OT meet: 3 classic mistakes management should avoid<\\\/a><\\\/p>\\n\n\n<p data-start=\\\"735\\\" data-end=\\\"797\\\" data-is-last-node=\\\"\\\" data-is-only-node=\\\"\\\"><a href=\\\"https:\\\/\\\/mjolner.dk\\\/en\\\/blog\\\/0t-security-5-tips-for-management\\\/\\\">New risks, new requirements: 5 OT security tips for management<\\\/a><\\\/p>\",\"margin\":\"default\"}},{\"type\":\"text\",\"props\":{\"column_breakpoint\":\"m\",\"content\":\"\n\n<p data-start=\\\"0\\\" data-end=\\\"186\\\">With that as our starting point, we now move from recognition to practice. Because once management has understood why OT security requires a different approach, the key question becomes:<\\\/p>\\n\n\n<p data-start=\\\"188\\\" data-end=\\\"229\\\"><strong>How do you work with OT risk in practice?<\\\/strong><\\\/p>\\n\n\n<p data-start=\\\"231\\\" data-end=\\\"599\\\">The perspectives in this post are based on experience and recommendations from Mj\\u00f8lner\\u2019s domain experts in the energy and utilities sector, <a href=\\\"https:\\\/\\\/www.linkedin.com\\\/in\\\/jakobhviid\\\/\\\">Jakob Hviid<\\\/a> and <a href=\\\"https:\\\/\\\/www.linkedin.com\\\/in\\\/andr%C3%A9-bryde-alnor-664ba615\\\/\\\">Andr\\u00e9 Bryde Alnor<\\\/a>, as well as our partner <a href=\\\"https:\\\/\\\/www.linkedin.com\\\/in\\\/jhartig\\\/\\\">J\\u00f8rgen Hartig<\\\/a> from <a href=\\\"https:\\\/\\\/securiot.dk\\\/frontpage\\\/\\\">SecuriOT<\\\/a>. They work with security, operations and digitalisation in environments where resilience, uptime and responsible decision-making are critical.<\\\/p>\\n\n\n<p data-start=\\\"601\\\" data-end=\\\"833\\\">Many organisations start with what is easiest to identify: physical security, access control, network segmentation or individual technical controls. All of these are relevant. But they are not necessarily where the risk is greatest.<\\\/p>\\n\n\n<p data-start=\\\"835\\\" data-end=\\\"923\\\">For OT security to create real value, management should start with a different question:<\\\/p>\\n\n\n<p data-start=\\\"925\\\" data-end=\\\"998\\\"><strong>What could, in practice, stop or seriously affect our ability to deliver?<\\\/strong><\\\/p>\\n\n\n<p data-start=\\\"1000\\\" data-end=\\\"1130\\\">That question moves the work from general security measures to concrete scenarios that management can prioritise, test and act on.<\\\/p>\\n\n\n<h2 data-start=\\\"1132\\\" data-end=\\\"1175\\\">Start with what absolutely needs to work<\\\/h2>\\n\n\n<p data-start=\\\"1177\\\" data-end=\\\"1302\\\">A good starting point for OT security is not a long list of technical measures. It is a more fundamental management question:<\\\/p>\\n\n\n<p data-start=\\\"1304\\\" data-end=\\\"1379\\\">Which functions absolutely need to work for us to deliver our core service?<\\\/p>\\n\n\n<p data-start=\\\"1381\\\" data-end=\\\"1629\\\" data-is-last-node=\\\"\\\" data-is-only-node=\\\"\\\">Because OT security is not first and foremost about protecting technology. It is about protecting the organisation\\u2019s ability to function. About ensuring that electricity, heat, water or production can be maintained - even when something goes wrong.<\\\/p>\",\"margin\":\"default\"}},{\"type\":\"quotation\",\"props\":{\"author\":\"emphasises J\\u00f8rgen Hartig, Director, Strategic Advisor and Partner at SecuriOT.\",\"content\":\"\n\n<p>\\u201dThe essential function in our supply or production is supported by a number of sub-functions that need to be in place for everything to work optimally. These sub-functions are always supported by systems such as servers, networks and applications. If these systems fail, we come to a standstill. That is why clarifying what is acceptable, what is most critical, and how we get back up and running should be central focus points in this process.\\u201d<\\\/p>\"}},{\"type\":\"text\",\"props\":{\"column_breakpoint\":\"m\",\"content\":\"\n\n<p data-start=\\\"0\\\" data-end=\\\"201\\\">This is a crucial distinction. While IT security often starts from access, data and system protection, OT security is largely based on the ability of operations to continue - even when something fails.<\\\/p>\\n\n\n<p data-start=\\\"203\\\" data-end=\\\"450\\\" data-is-last-node=\\\"\\\" data-is-only-node=\\\"\\\">Jakob Hviid, Senior Solution Architect at Mj\\u00f8lner, points to the same fundamental difference between the two worlds. While IT can often respond to an incident by shutting down, isolating or quickly changing systems, the premise is different in OT:<\\\/p>\",\"margin\":\"default\"}},{\"type\":\"quotation\",\"props\":{\"content\":\"\n\n<p>\\u201cIn the OT world, it is about how you maintain the highest possible uptime. Security has a different perspective. It is also about physical infrastructure, spare parts, redundancy and contingency plans.\\u201d<\\\/p>\"}},{\"type\":\"html\",\"props\":{\"content\":\"\n\n\"},\"name\":\"\\u2013 ekstra luft \\u2013\"},{\"type\":\"text\",\"props\":{\"column_breakpoint\":\"m\",\"content\":\"\n\n<h2 data-start=\\\"0\\\" data-end=\\\"46\\\">Shift the focus from assets to consequences<\\\/h2>\\n\n\n<p data-start=\\\"48\\\" data-end=\\\"107\\\">Many organisations are used to thinking in terms of assets:<\\\/p>\\n\n\n<ul>\\n\n\n<li data-start=\\\"109\\\" data-end=\\\"250\\\">Which plants or systems are the most expensive?<\\\/li>\\n\n\n<li data-start=\\\"109\\\" data-end=\\\"250\\\">Which components are the most difficult to replace?<\\\/li>\\n\n\n<li data-start=\\\"109\\\" data-end=\\\"250\\\">What is technically the most complex?<\\\/li>\\n<\\\/ul>\\n\n\n<p data-start=\\\"252\\\" data-end=\\\"395\\\">These are relevant questions. But they are not enough. A more mature approach is to shift the focus from plants and components to consequences:<\\\/p>\\n\n\n<ul>\\n\n\n<li data-start=\\\"252\\\" data-end=\\\"395\\\">What happens if an essential function fails?<\\\/li>\\n\n\n<li data-start=\\\"252\\\" data-end=\\\"395\\\">What happens if a central system is unavailable for several days?<\\\/li>\\n\n\n<li data-start=\\\"252\\\" data-end=\\\"395\\\">What happens if a supplier connection disappears at the wrong time?<\\\/li>\\n\n\n<li data-start=\\\"252\\\" data-end=\\\"395\\\">What happens if a failure in one system spreads to other parts of operations?<\\\/li>\\n<\\\/ul>\\n\n\n<p data-start=\\\"661\\\" data-end=\\\"843\\\">For management, this provides a stronger basis for decision-making. When the consequence is clear, it becomes easier to prioritise the initiatives that actually reduce risk the most.<\\\/p>\\n\n\n<h2 data-start=\\\"845\\\" data-end=\\\"898\\\">The consequences do not stop at the OT environment<\\\/h2>\\n\n\n<p data-start=\\\"900\\\" data-end=\\\"1057\\\" data-is-last-node=\\\"\\\" data-is-only-node=\\\"\\\">An OT incident rarely affects only one system or one plant. It can impact the entire value chain around operations, production, troubleshooting and recovery.<\\\/p>\",\"margin\":\"default\"}},{\"type\":\"quotation\",\"props\":{\"author\":\"explains Andr\\u00e9 Bryde Alnor, Energy Solution Strategist at Mj\\u00f8lner\",\"content\":\"\n\n<p>\\\"You may have secured your OT network as well as possible. But if operations depend on systems, processes or suppliers outside OT, you may still be vulnerable \\u2014 both to attacks and in terms of getting production back up and running after an outage.\\\"<\\\/p>\"}},{\"type\":\"text\",\"props\":{\"column_breakpoint\":\"m\",\"content\":\"\n\n<p class=\\\"isSelectedEnd\\\"><span>We often see this in practice. Many organisations have a good overview of their physical assets, but less insight into the dependencies surrounding them.<\\\/span><\\\/p>\\n\n\n<p class=\\\"isSelectedEnd\\\"><span>These may include order flows, supplier access, support processes, data exchange, internal workflows or key personnel who turn out to be critical when something goes wrong.<\\\/span><\\\/p>\\n\n\n<p class=\\\"isSelectedEnd\\\"><span>That is why it is not enough to ask whether the OT environment is protected. Management must also ask:<\\\/span><\\\/p>\\n\n\n<p class=\\\"isSelectedEnd\\\"><strong>Which parts of the value chain do operations depend on \\u2014 and how quickly can we return to stable operations if they fail?<\\\/strong><\\\/p>\\n\n\n<h2><span>Build a few scenarios that really hurt<\\\/span><\\\/h2>\\n\n\n<p><span>One of the most useful approaches is also one of the simplest: Do not start with everything. Start with a few scenarios that would have serious consequences if they became reality.<\\\/span><\\\/p>\",\"margin\":\"default\"}},{\"type\":\"quotation\",\"props\":{\"author\":\"states Jakob Hviid, Senior Solution Architect at Mj\\u00f8lner\",\"content\":\"\n\n<p>\\u201dTry to define 5-6 scenarios where you can say: If this happened, it would really hurt operations.\\\"<\\\/p>\"}},{\"type\":\"text\",\"props\":{\"column_breakpoint\":\"m\",\"content\":\"\n\n<p class=\\\"isSelectedEnd\\\"><span>It is good advice because it forces the organisation to prioritise. Instead of trying to map every conceivable risk, management can begin with a limited number of incidents that would have serious consequences for operations, supply, safety or reputation.<\\\/span><\\\/p>\\n\n\n<p class=\\\"isSelectedEnd\\\"><span>These could, for example, be scenarios such as:<\\\/span><\\\/p>\\n\n\n<ul>\\n\n\n<li class=\\\"isSelectedEnd\\\"><span>A central control system is unavailable for several days<\\\/span><\\\/li>\\n\n\n<li class=\\\"isSelectedEnd\\\"><span>An external supplier loses access to a critical environment<\\\/span><\\\/li>\\n\n\n<li class=\\\"isSelectedEnd\\\"><span>A plant cannot be controlled as expected<\\\/span><\\\/li>\\n\n\n<li class=\\\"isSelectedEnd\\\"><span>An incident in one system affects other parts of operations<\\\/span><\\\/li>\\n\n\n<li class=\\\"isSelectedEnd\\\"><span>A key person or critical support function is unavailable during an incident<\\\/span><\\\/li>\\n<\\\/ul>\\n\n\n<p class=\\\"isSelectedEnd\\\"><span>The scenarios do not have to be perfect from the start. What matters is that they are concrete enough for the organisation to begin asking the right questions.<\\\/span><\\\/p>\\n\n\n<h2><span>Make time part of the risk<\\\/span><\\\/h2>\\n\n\n<p class=\\\"isSelectedEnd\\\"><span>A scenario becomes far more useful when you add time.<\\\/span><\\\/p>\\n\n\n<p class=\\\"isSelectedEnd\\\"><span>It is one thing to say that a system can go down. It is another to ask what it means if it is down for 24, 48 or 72 hours. Then the risk becomes concrete: How long can the function be affected before it impacts supply, safety or operations? Which emergency processes can keep operations running in the meantime? And which suppliers, spare parts or key people are critical to returning to stable operations?<\\\/span><\\\/p>\\n\n\n<p class=\\\"isSelectedEnd\\\"><span>Scenario thinking connects security with contingency planning, recovery and concrete courses of action.<\\\/span><\\\/p>\\n\n\n<h2><span>Use the scenarios to prioritise correctly<\\\/span><\\\/h2>\\n\n\n<p class=\\\"isSelectedEnd\\\"><span>When the most important scenarios are clear, it becomes easier to determine which investments actually reduce risk the most.<\\\/span><\\\/p>\\n\n\n<p class=\\\"isSelectedEnd\\\"><span>This could be technical controls, better visibility into the OT landscape, tighter management of supplier access, contingency plans, testing, spare parts or clear decision paths during an incident.<\\\/span><\\\/p>\\n\n\n<p class=\\\"isSelectedEnd\\\"><span>What matters is that prioritisation is based on the consequence for operations and supply - not only on what is easiest to implement.<\\\/span><\\\/p>\\n\n\n<p><span>Jakob puts the difference like this:<\\\/span><\\\/p>\",\"margin\":\"default\"}},{\"type\":\"quotation\",\"props\":{\"content\":\"\n\n<p>\\u201cOn the IT side, it is often about protecting data from unauthorised access. In OT, maintaining the value chain plays a much larger role.\\u201d<\\\/p>\"}},{\"type\":\"text\",\"props\":{\"column_breakpoint\":\"m\",\"content\":\"\n\n<p class=\\\"isSelectedEnd\\\"><span>In OT, it is precisely the ability to maintain the value chain that must guide the work.<\\\/span><\\\/p>\\n\n\n<h2><span>OT risk requires several perspectives<\\\/span><\\\/h2>\\n\n\n<p class=\\\"isSelectedEnd\\\"><span>Scenario work cannot be handled by one function alone.<\\\/span><\\\/p>\\n\n\n<p class=\\\"isSelectedEnd\\\"><span>There must be clear ownership, but the work only becomes strong when several relevant perspectives are brought into play. OT risk rarely arises in one place. It arises in the interaction between plant operations, IT, suppliers, contingency planning and the business.<\\\/span><\\\/p>\\n\n\n<p class=\\\"isSelectedEnd\\\"><span>That is why the scenarios should not only be assessed by OT specialists. They should be reviewed together with the functions that need to act if the scenario becomes reality.<\\\/span><\\\/p>\\n\n\n<p class=\\\"isSelectedEnd\\\"><span>For management, the task is to establish a structure where the relevant disciplines work together to assess risk, consequence and possible actions. Otherwise, OT security risks becoming either an isolated specialist project or a risk register with no real impact on operations.<\\\/span><\\\/p>\\n\n\n<h2><span>From concern to decision<\\\/span><\\\/h2>\\n\n\n<p class=\\\"isSelectedEnd\\\"><span>OT security only becomes truly valuable when it moves from being a diffuse concern to becoming a way to make better decisions.<\\\/span><\\\/p>\\n\n\n<p class=\\\"isSelectedEnd\\\"><span>That is exactly what scenario thinking can do.<\\\/span><\\\/p>\\n\n\n<p class=\\\"isSelectedEnd\\\"><span>It helps the organisation focus on what matters most. It makes risk concrete. It creates a shared language between management, operations and specialists. And it makes it easier to prioritise both investments and initiatives.<\\\/span><\\\/p>\\n\n\n<p class=\\\"isSelectedEnd\\\"><span>Management can start with four questions:<\\\/span><\\\/p>\\n\n\n<ol>\\n\n\n<li class=\\\"isSelectedEnd\\\"><span>Which functions absolutely need to work for us to deliver our core service?<\\\/span><\\\/li>\\n\n\n<li class=\\\"isSelectedEnd\\\"><span>Which 5-6 scenarios would hit operations the hardest?<\\\/span><\\\/li>\\n\n\n<li class=\\\"isSelectedEnd\\\"><span>How long can we tolerate central systems or supplier connections being unavailable?<\\\/span><br \\\/><span><\\\/span><\\\/li>\\n\n\n<li class=\\\"isSelectedEnd\\\"><span>Who owns the responsibility for testing, prioritising and following up?<\\\/span><\\\/li>\\n<\\\/ol>\\n\n\n<p class=\\\"isSelectedEnd\\\"><span>The most important thing is not to find all the answers at once.<\\\/span><\\\/p>\\n\n\n<p class=\\\"isSelectedEnd\\\"><span>The most important thing is to get started with the few scenarios that really matter. Because once they are clear, it also becomes clearer which systems, processes, suppliers and decisions are truly critical.<\\\/span><\\\/p>\\n\n\n<p><span>At Mj\\u00f8lner, we help energy and utility companies translate OT risk into concrete scenarios, priorities and decision-making foundations that management, operations and specialists can act on.<\\\/span><\\\/p>\",\"margin\":\"default\"}}]}]}]},{\"type\":\"section\",\"props\":{\"image_position\":\"center-center\",\"padding_remove_top\":true,\"style\":\"default\",\"title_breakpoint\":\"xl\",\"title_position\":\"top-left\",\"title_rotation\":\"left\",\"vertical_align\":\"middle\",\"width\":\"default\"},\"children\":[{\"type\":\"row\",\"props\":{\"layout\":\"1-2,1-2\"},\"children\":[{\"type\":\"column\",\"props\":{\"image_position\":\"center-center\",\"position_sticky_breakpoint\":\"m\",\"width_medium\":\"1-2\"},\"children\":[{\"type\":\"panel\",\"props\":{\"content\":\"\n\n<p>When IT and OT converge, there is rarely one standard solution. Have an informal conversation with Andr\\u00e9 about how you can strengthen OT security without compromising operations, uptime and safety.<\\\/p>\",\"content_column_breakpoint\":\"m\",\"icon_width\":80,\"image_align\":\"top\",\"image_grid_breakpoint\":\"m\",\"image_grid_width\":\"1-2\",\"image_svg_color\":\"emphasis\",\"link_style\":\"default\",\"link_text\":\"Read more\",\"margin\":\"default\",\"meta_align\":\"below-title\",\"meta_element\":\"div\",\"meta_style\":\"text-meta\",\"title\":\"Do you want to strengthen OT security without obstructing operations?\",\"title_align\":\"top\",\"title_element\":\"h3\",\"title_grid_breakpoint\":\"m\",\"title_grid_width\":\"1-2\",\"title_hover_style\":\"reset\",\"title_style\":\"h3\"}},{\"type\":\"fragment\",\"children\":[{\"type\":\"row\",\"props\":{\"layout\":\"1-2,1-2\"},\"children\":[{\"type\":\"column\",\"props\":{\"image_position\":\"center-center\",\"position_sticky_breakpoint\":\"m\",\"width_medium\":\"1-2\"},\"children\":[{\"type\":\"image\",\"props\":{\"image_border\":\"rounded\",\"image_height\":\"800\",\"image_svg_color\":\"emphasis\",\"image_width\":\"600\",\"margin\":\"default\"},\"source\":{\"query\":{\"name\":\"#parent\"},\"props\":{\"image\":{\"filters\":{\"search\":\"\"},\"name\":\"field.billede.url\"}}}}]},{\"type\":\"column\",\"props\":{\"image_position\":\"center-center\",\"position_sticky_breakpoint\":\"m\",\"width_medium\":\"1-2\"},\"children\":[{\"type\":\"panel\",\"props\":{\"content_column_breakpoint\":\"m\",\"content_margin\":\"remove\",\"icon_width\":80,\"image_align\":\"top\",\"image_grid_breakpoint\":\"m\",\"image_grid_width\":\"1-2\",\"image_svg_color\":\"emphasis\",\"link_style\":\"default\",\"link_text\":\"Read more\",\"margin\":\"default\",\"meta_align\":\"below-title\",\"meta_element\":\"div\",\"meta_style\":\"text-meta\",\"title_align\":\"top\",\"title_element\":\"h3\",\"title_grid_breakpoint\":\"m\",\"title_grid_width\":\"1-2\",\"title_hover_style\":\"reset\",\"title_style\":\"h5\"},\"source\":{\"query\":{\"name\":\"#parent\"},\"props\":{\"title\":{\"filters\":{\"search\":\"\"},\"name\":\"title\"},\"content\":{\"filters\":{\"search\":\"\"},\"name\":\"field.titel\"}}}},{\"type\":\"panel\",\"props\":{\"content_column_breakpoint\":\"m\",\"content_margin\":\"remove\",\"icon_width\":80,\"image_align\":\"top\",\"image_grid_breakpoint\":\"m\",\"image_grid_width\":\"1-2\",\"image_svg_color\":\"emphasis\",\"link_style\":\"default\",\"link_text\":\"\",\"margin\":\"default\",\"meta\":\"aba@mjolner.dk\",\"meta_align\":\"below-title\",\"meta_element\":\"div\",\"meta_margin\":\"remove\",\"meta_style\":\"text-large\",\"panel_link\":true,\"title\":\"Email\",\"title_align\":\"top\",\"title_element\":\"h3\",\"title_grid_breakpoint\":\"m\",\"title_grid_width\":\"1-2\",\"title_hover_style\":\"reset\",\"title_style\":\"h6\"},\"source\":{\"query\":{\"name\":\"#parent\"},\"props\":{\"content\":{\"filters\":{\"search\":\"\"},\"name\":\"field.e_mail\"},\"link\":{\"filters\":{\"search\":\"\",\"before\":\"Mailto:\"},\"name\":\"field.e_mail\"}}}},{\"type\":\"panel\",\"props\":{\"content_column_breakpoint\":\"m\",\"content_margin\":\"remove\",\"icon_width\":80,\"image_align\":\"top\",\"image_grid_breakpoint\":\"m\",\"image_grid_width\":\"1-2\",\"image_svg_color\":\"emphasis\",\"link_style\":\"default\",\"link_text\":\"\",\"margin\":\"default\",\"meta\":\"+45 23 46 04 45\",\"meta_align\":\"below-title\",\"meta_element\":\"div\",\"meta_margin\":\"remove\",\"meta_style\":\"text-large\",\"panel_link\":true,\"title\":\"Phone\",\"title_align\":\"top\",\"title_element\":\"h3\",\"title_grid_breakpoint\":\"m\",\"title_grid_width\":\"1-2\",\"title_hover_style\":\"reset\",\"title_style\":\"h6\"},\"source\":{\"query\":{\"name\":\"#parent\"},\"props\":{\"content\":{\"filters\":{\"search\":\"\"},\"name\":\"field.telefon\"},\"link\":{\"filters\":{\"search\":\"\",\"before\":\"Tel:\"},\"name\":\"field.telefon\"}}}}]}]}],\"props\":{\"margin\":\"default\"},\"name\":\"kontaktformular EN\",\"source\":{\"query\":{\"name\":\"medarbejdere.customTeam\",\"arguments\":{\"terms\":[],\"category_operator\":\"IN\",\"users\":[],\"users_operator\":\"IN\",\"offset\":0,\"order\":\"date\",\"order_direction\":\"DESC\",\"id\":15864}}}}]},{\"type\":\"column\",\"props\":{\"image_position\":\"center-center\",\"position_sticky_breakpoint\":\"m\",\"width_medium\":\"1-2\"},\"children\":[{\"type\":\"html\",\"props\":{\"content\":\"\n\n<div class=\\\"_form_41\\\"><\\\/div><script src=\\\"https:\\\/\\\/mjolnerinformatics.activehosted.com\\\/f\\\/embed.php?id=41\\\" charset=\\\"utf-8\\\"><\\\/script>\"},\"name\":\"HTML EN\"}]}]}]}],\"version\":\"4.4.2\",\"yooessentialsVersion\":\"2.2.14\"} --><\/p>\n","protected":false},"excerpt":{"rendered":"<p>OT security in practice: How management works with the scenarios that can hit operations the hardest When a control system becomes unavailable, vendor access fails, or a plant cannot be controlled as expected, OT security quickly becomes a matter of operations, responsibility and decision-making power. For energy and utility companies, OT security is therefore not [&hellip;]<\/p>\n","protected":false},"author":16,"featured_media":22582,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[361,491,392],"tags":[470,496,471,472,468],"class_list":["post-22797","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog","category-energy-and-utility-en-2","category-it-security-en","tag-critical-infrastructure","tag-energy-and-utility","tag-it-ot-en","tag-operational-technology-en","tag-ot-security"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v24.6 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>OT security in practice: How management works with the scenarios that can hit operations the hardest - Mj\u00f8lner<\/title>\n<meta name=\"description\" content=\"Get concrete advice on how management can work with OT security through scenarios that protect operations, supply and critical functions.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/mjolner.dk\/en\/blog\/ot-security-in-practice-how-management-works-with-the-scenarios-that-can-hit-operations-the-hardest\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"OT security in practice: How management works with the scenarios that can hit operations the hardest - Mj\u00f8lner\" \/>\n<meta property=\"og:description\" content=\"Get concrete advice on how management can work with OT security through scenarios that protect operations, supply and critical functions.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/mjolner.dk\/en\/blog\/ot-security-in-practice-how-management-works-with-the-scenarios-that-can-hit-operations-the-hardest\/\" \/>\n<meta property=\"og:site_name\" content=\"Mj\u00f8lner\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/MjolnerInformatics\/\" \/>\n<meta property=\"article:published_time\" content=\"2026-06-24T08:24:07+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-06-29T12:14:42+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/mjolner.dk\/wp-content\/uploads\/2026\/06\/Energy-Utility-4-1024x685.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1024\" \/>\n\t<meta property=\"og:image:height\" content=\"685\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Laura Birkeb\u00e6k\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@mjolnerdk\" \/>\n<meta name=\"twitter:site\" content=\"@mjolnerdk\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Laura Birkeb\u00e6k\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"9 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/mjolner.dk\/en\/blog\/ot-security-in-practice-how-management-works-with-the-scenarios-that-can-hit-operations-the-hardest\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/mjolner.dk\/en\/blog\/ot-security-in-practice-how-management-works-with-the-scenarios-that-can-hit-operations-the-hardest\/\"},\"author\":{\"name\":\"Laura Birkeb\u00e6k\",\"@id\":\"https:\/\/mjolner.dk\/en\/#\/schema\/person\/e1e23edf0a129a9a120fcd4451421ebb\"},\"headline\":\"OT security in practice: How management works with the scenarios that can hit operations the hardest\",\"datePublished\":\"2026-06-24T08:24:07+00:00\",\"dateModified\":\"2026-06-29T12:14:42+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/mjolner.dk\/en\/blog\/ot-security-in-practice-how-management-works-with-the-scenarios-that-can-hit-operations-the-hardest\/\"},\"wordCount\":1710,\"publisher\":{\"@id\":\"https:\/\/mjolner.dk\/en\/#organization\"},\"image\":{\"@id\":\"https:\/\/mjolner.dk\/en\/blog\/ot-security-in-practice-how-management-works-with-the-scenarios-that-can-hit-operations-the-hardest\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/mjolner.dk\/wp-content\/uploads\/2026\/06\/Energy-Utility-4.png\",\"keywords\":[\"Critical Infrastructure\",\"Energy and Utility\",\"IT\/OT\",\"Operational Technology\",\"OT-security\"],\"articleSection\":[\"Blog\",\"Energy and Utility\",\"IT security\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/mjolner.dk\/en\/blog\/ot-security-in-practice-how-management-works-with-the-scenarios-that-can-hit-operations-the-hardest\/\",\"url\":\"https:\/\/mjolner.dk\/en\/blog\/ot-security-in-practice-how-management-works-with-the-scenarios-that-can-hit-operations-the-hardest\/\",\"name\":\"OT security in practice: How management works with the scenarios that can hit operations the hardest - Mj\u00f8lner\",\"isPartOf\":{\"@id\":\"https:\/\/mjolner.dk\/en\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/mjolner.dk\/en\/blog\/ot-security-in-practice-how-management-works-with-the-scenarios-that-can-hit-operations-the-hardest\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/mjolner.dk\/en\/blog\/ot-security-in-practice-how-management-works-with-the-scenarios-that-can-hit-operations-the-hardest\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/mjolner.dk\/wp-content\/uploads\/2026\/06\/Energy-Utility-4.png\",\"datePublished\":\"2026-06-24T08:24:07+00:00\",\"dateModified\":\"2026-06-29T12:14:42+00:00\",\"description\":\"Get concrete advice on how management can work with OT security through scenarios that protect operations, supply and critical functions.\",\"breadcrumb\":{\"@id\":\"https:\/\/mjolner.dk\/en\/blog\/ot-security-in-practice-how-management-works-with-the-scenarios-that-can-hit-operations-the-hardest\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/mjolner.dk\/en\/blog\/ot-security-in-practice-how-management-works-with-the-scenarios-that-can-hit-operations-the-hardest\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/mjolner.dk\/en\/blog\/ot-security-in-practice-how-management-works-with-the-scenarios-that-can-hit-operations-the-hardest\/#primaryimage\",\"url\":\"https:\/\/mjolner.dk\/wp-content\/uploads\/2026\/06\/Energy-Utility-4.png\",\"contentUrl\":\"https:\/\/mjolner.dk\/wp-content\/uploads\/2026\/06\/Energy-Utility-4.png\",\"width\":2550,\"height\":1707},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/mjolner.dk\/en\/blog\/ot-security-in-practice-how-management-works-with-the-scenarios-that-can-hit-operations-the-hardest\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Hjem\",\"item\":\"https:\/\/mjolner.dk\/en\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"OT security in practice: How management works with the scenarios that can hit operations the hardest\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/mjolner.dk\/en\/#website\",\"url\":\"https:\/\/mjolner.dk\/en\/\",\"name\":\"Mj\u00f8lner\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/mjolner.dk\/en\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/mjolner.dk\/en\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/mjolner.dk\/en\/#organization\",\"name\":\"Mj\u00f8lner\",\"url\":\"https:\/\/mjolner.dk\/en\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/mjolner.dk\/en\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/mjolner.dk\/wp-content\/uploads\/2017\/11\/logo-white-8.svg\",\"contentUrl\":\"https:\/\/mjolner.dk\/wp-content\/uploads\/2017\/11\/logo-white-8.svg\",\"width\":1,\"height\":1,\"caption\":\"Mj\u00f8lner\"},\"image\":{\"@id\":\"https:\/\/mjolner.dk\/en\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/MjolnerInformatics\/\",\"https:\/\/x.com\/mjolnerdk\",\"https:\/\/www.linkedin.com\/company\/mjolner-informatics-as\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/mjolner.dk\/en\/#\/schema\/person\/e1e23edf0a129a9a120fcd4451421ebb\",\"name\":\"Laura Birkeb\u00e6k\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/mjolner.dk\/en\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/f61e55c10f1dccdd2ac7b718398a9de3b1d325b4fd788b806e0429fc7e3ed462?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/f61e55c10f1dccdd2ac7b718398a9de3b1d325b4fd788b806e0429fc7e3ed462?s=96&d=mm&r=g\",\"caption\":\"Laura Birkeb\u00e6k\"},\"url\":\"https:\/\/mjolner.dk\/en\/author\/laura\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"OT security in practice: How management works with the scenarios that can hit operations the hardest - Mj\u00f8lner","description":"Get concrete advice on how management can work with OT security through scenarios that protect operations, supply and critical functions.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/mjolner.dk\/en\/blog\/ot-security-in-practice-how-management-works-with-the-scenarios-that-can-hit-operations-the-hardest\/","og_locale":"en_US","og_type":"article","og_title":"OT security in practice: How management works with the scenarios that can hit operations the hardest - Mj\u00f8lner","og_description":"Get concrete advice on how management can work with OT security through scenarios that protect operations, supply and critical functions.","og_url":"https:\/\/mjolner.dk\/en\/blog\/ot-security-in-practice-how-management-works-with-the-scenarios-that-can-hit-operations-the-hardest\/","og_site_name":"Mj\u00f8lner","article_publisher":"https:\/\/www.facebook.com\/MjolnerInformatics\/","article_published_time":"2026-06-24T08:24:07+00:00","article_modified_time":"2026-06-29T12:14:42+00:00","og_image":[{"width":1024,"height":685,"url":"https:\/\/mjolner.dk\/wp-content\/uploads\/2026\/06\/Energy-Utility-4-1024x685.png","type":"image\/png"}],"author":"Laura Birkeb\u00e6k","twitter_card":"summary_large_image","twitter_creator":"@mjolnerdk","twitter_site":"@mjolnerdk","twitter_misc":{"Written by":"Laura Birkeb\u00e6k","Est. reading time":"9 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/mjolner.dk\/en\/blog\/ot-security-in-practice-how-management-works-with-the-scenarios-that-can-hit-operations-the-hardest\/#article","isPartOf":{"@id":"https:\/\/mjolner.dk\/en\/blog\/ot-security-in-practice-how-management-works-with-the-scenarios-that-can-hit-operations-the-hardest\/"},"author":{"name":"Laura Birkeb\u00e6k","@id":"https:\/\/mjolner.dk\/en\/#\/schema\/person\/e1e23edf0a129a9a120fcd4451421ebb"},"headline":"OT security in practice: How management works with the scenarios that can hit operations the hardest","datePublished":"2026-06-24T08:24:07+00:00","dateModified":"2026-06-29T12:14:42+00:00","mainEntityOfPage":{"@id":"https:\/\/mjolner.dk\/en\/blog\/ot-security-in-practice-how-management-works-with-the-scenarios-that-can-hit-operations-the-hardest\/"},"wordCount":1710,"publisher":{"@id":"https:\/\/mjolner.dk\/en\/#organization"},"image":{"@id":"https:\/\/mjolner.dk\/en\/blog\/ot-security-in-practice-how-management-works-with-the-scenarios-that-can-hit-operations-the-hardest\/#primaryimage"},"thumbnailUrl":"https:\/\/mjolner.dk\/wp-content\/uploads\/2026\/06\/Energy-Utility-4.png","keywords":["Critical Infrastructure","Energy and Utility","IT\/OT","Operational Technology","OT-security"],"articleSection":["Blog","Energy and Utility","IT security"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/mjolner.dk\/en\/blog\/ot-security-in-practice-how-management-works-with-the-scenarios-that-can-hit-operations-the-hardest\/","url":"https:\/\/mjolner.dk\/en\/blog\/ot-security-in-practice-how-management-works-with-the-scenarios-that-can-hit-operations-the-hardest\/","name":"OT security in practice: How management works with the scenarios that can hit operations the hardest - Mj\u00f8lner","isPartOf":{"@id":"https:\/\/mjolner.dk\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/mjolner.dk\/en\/blog\/ot-security-in-practice-how-management-works-with-the-scenarios-that-can-hit-operations-the-hardest\/#primaryimage"},"image":{"@id":"https:\/\/mjolner.dk\/en\/blog\/ot-security-in-practice-how-management-works-with-the-scenarios-that-can-hit-operations-the-hardest\/#primaryimage"},"thumbnailUrl":"https:\/\/mjolner.dk\/wp-content\/uploads\/2026\/06\/Energy-Utility-4.png","datePublished":"2026-06-24T08:24:07+00:00","dateModified":"2026-06-29T12:14:42+00:00","description":"Get concrete advice on how management can work with OT security through scenarios that protect operations, supply and critical functions.","breadcrumb":{"@id":"https:\/\/mjolner.dk\/en\/blog\/ot-security-in-practice-how-management-works-with-the-scenarios-that-can-hit-operations-the-hardest\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/mjolner.dk\/en\/blog\/ot-security-in-practice-how-management-works-with-the-scenarios-that-can-hit-operations-the-hardest\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/mjolner.dk\/en\/blog\/ot-security-in-practice-how-management-works-with-the-scenarios-that-can-hit-operations-the-hardest\/#primaryimage","url":"https:\/\/mjolner.dk\/wp-content\/uploads\/2026\/06\/Energy-Utility-4.png","contentUrl":"https:\/\/mjolner.dk\/wp-content\/uploads\/2026\/06\/Energy-Utility-4.png","width":2550,"height":1707},{"@type":"BreadcrumbList","@id":"https:\/\/mjolner.dk\/en\/blog\/ot-security-in-practice-how-management-works-with-the-scenarios-that-can-hit-operations-the-hardest\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Hjem","item":"https:\/\/mjolner.dk\/en\/"},{"@type":"ListItem","position":2,"name":"OT security in practice: How management works with the scenarios that can hit operations the hardest"}]},{"@type":"WebSite","@id":"https:\/\/mjolner.dk\/en\/#website","url":"https:\/\/mjolner.dk\/en\/","name":"Mj\u00f8lner","description":"","publisher":{"@id":"https:\/\/mjolner.dk\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/mjolner.dk\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/mjolner.dk\/en\/#organization","name":"Mj\u00f8lner","url":"https:\/\/mjolner.dk\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/mjolner.dk\/en\/#\/schema\/logo\/image\/","url":"https:\/\/mjolner.dk\/wp-content\/uploads\/2017\/11\/logo-white-8.svg","contentUrl":"https:\/\/mjolner.dk\/wp-content\/uploads\/2017\/11\/logo-white-8.svg","width":1,"height":1,"caption":"Mj\u00f8lner"},"image":{"@id":"https:\/\/mjolner.dk\/en\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/MjolnerInformatics\/","https:\/\/x.com\/mjolnerdk","https:\/\/www.linkedin.com\/company\/mjolner-informatics-as\/"]},{"@type":"Person","@id":"https:\/\/mjolner.dk\/en\/#\/schema\/person\/e1e23edf0a129a9a120fcd4451421ebb","name":"Laura Birkeb\u00e6k","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/mjolner.dk\/en\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/f61e55c10f1dccdd2ac7b718398a9de3b1d325b4fd788b806e0429fc7e3ed462?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f61e55c10f1dccdd2ac7b718398a9de3b1d325b4fd788b806e0429fc7e3ed462?s=96&d=mm&r=g","caption":"Laura Birkeb\u00e6k"},"url":"https:\/\/mjolner.dk\/en\/author\/laura\/"}]}},"_links":{"self":[{"href":"https:\/\/mjolner.dk\/en\/wp-json\/wp\/v2\/posts\/22797","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mjolner.dk\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mjolner.dk\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mjolner.dk\/en\/wp-json\/wp\/v2\/users\/16"}],"replies":[{"embeddable":true,"href":"https:\/\/mjolner.dk\/en\/wp-json\/wp\/v2\/comments?post=22797"}],"version-history":[{"count":28,"href":"https:\/\/mjolner.dk\/en\/wp-json\/wp\/v2\/posts\/22797\/revisions"}],"predecessor-version":[{"id":22828,"href":"https:\/\/mjolner.dk\/en\/wp-json\/wp\/v2\/posts\/22797\/revisions\/22828"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/mjolner.dk\/en\/wp-json\/wp\/v2\/media\/22582"}],"wp:attachment":[{"href":"https:\/\/mjolner.dk\/en\/wp-json\/wp\/v2\/media?parent=22797"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mjolner.dk\/en\/wp-json\/wp\/v2\/categories?post=22797"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mjolner.dk\/en\/wp-json\/wp\/v2\/tags?post=22797"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}