Home>Berichten>Two packed days with a prominent OT role

Two packed days with a prominent OT role

Auteur zonder afbeelding icoon
Rik Sanders
25 September 2025
7 min
News Article

Two packed days with a prominent OT role

The recent edition of Cybersec Netherlands at Jaarbeurs Utrecht was busy on both days, attracting over four thousand visitors in total. With a wide range of stands, leading speakers, panel discussions, gaming, demonstrations, and a special dome to bring OT security into the spotlight. The overall conclusion: cybersecurity is everyone’s business.

Cybersec Netherlands 2025 took place on September 10 and 11, and according to event manager Paul Verdult, it was a great success. “We paid extra attention to the theme of operational technology in the program, and it really resonated. The sessions on that subject were packed.”

Marcel Jutte, involved in the IPCS (Industrial Platform Cyber Security) community that coordinated the sessions in the OT Dome, confirmed this. “It was very busy on both days. It was about time that OT security became an integral part of an IT security event. People have been talking for years about the need to bring IT and OT closer together, so this is a good step.”

Major impact

Cybersecurity in the industrial sector is complex and different from other sectors. The impact of OT system failures is enormous, and it often takes a long time to restart processes. In fact, OT encompasses more than the term suggests. Patrick van der Burg of the NCSC (National Cyber Security Centre), one of the speakers in the OT theatre, prefers to speak of IACS: Industrial Automation and Control Systems, which include ICS (industrial control systems) and operational technology.

He noticed that many organizations move to recovery too quickly during incidents and restore backups. “But then all traces and evidence are lost, and it’s unclear where intruders may still be hiding in the system. What happens is that they come back two or three months later—much harder.”

OT is real and always real-time

Another speaker, Stefan Rutten of energy company Uniper, emphasized the big difference between IT and OT: “OT is real and always real-time. IT isn’t. In IT security, you close the front door and focus on detecting intruders. Those attackers often want to be identified to demand ransom, for instance. In OT, the hack is almost always internal. Attackers don’t want to be identified. Their goal is not profit, but taking over or destroying the system.”

“It’s important to monitor your OT behavior,” Rutten stated. “So you need to watch the control systems. But many of them are twenty to thirty years old, and you can’t monitor them in real time without influencing the process. That means you need a different approach per location. With IT you can manage a lot with your cybersecurity vendors, but with OT, that’s impossible for that reason.”

An endangered species

Edward van de Langemeen, OT cybersecurity specialist at Modelec, a supplier of OT network solutions, addressed staffing problems in his presentation. In his view, the OT security specialist is an endangered species, just like the Javan rhino or the panda. There are too few of them, and they must be cherished. He observes that executives—who can now also be held liable for OT security issues—often assume that the IT department can simply handle OT security. “But you can’t just deploy IT security specialists. They suddenly encounter legacy PLC systems and Windows XP machines that haven’t been patched. Patching, anti-malware solutions, and zero-trust frameworks don’t work properly on machines, especially those that are twenty years old. That creates a risk of outages.”

“Don’t put IT experiences into an OT jacket,” Van de Langemeen said in the OT Dome. “Invest instead in a good IT toolbox, segmented and tailored to the OT environment. Give OT engineers trust and involve them with the IT department.”

Vegetarian chicken fillet

Besides operational technology, another major theme at Cybersec Netherlands 2025 was data sovereignty (“how do we keep data within the EU”). Several speakers on the main stage in Hall 11 at Jaarbeurs spoke clearly on the matter. Fleur van Leusden, Chief Information Security Officer (CISO) at the Dutch Electoral Council and mentor of Rijks I-trainees, stated that American cloud services cannot be sovereign. Discussions often revolve around intelligence services being able to seize your data under the Cloud Act, but according to Van Leusden the bigger danger is that hyperscalers can deny you access to your data at the request of the U.S. government. When asked whether Microsoft, AWS, and Google can truly offer sovereignty—something they like to claim—there were no satisfactory answers.

Van Leusden didn’t argue that their clouds are unsafe or unusable. But what they offer is in no way sovereign. That label is complete nonsense. After her talk, someone from the audience asked about alternatives. “Yes, they exist. But they’re still in development. There’s still work to be done,” said the government CISO. Another speaker, Frank Breedijk (CISO at IT service provider Schuberg Philis), compared the so-called sovereign cloud offerings of the hyperscalers to vegetarian chicken fillet: “That doesn’t exist either.”

A political question

He showed a map of the Netherlands to illustrate that virtually all municipalities depend almost entirely on Microsoft for email. The map turned orange, the color he used to mark Microsoft’s presence as provider. Breedijk also pointed to U.S. legislation, which states that European subsidiaries of American companies also fall under U.S. law. The political question, then, is whether the long reach of the U.S. government is desirable or acceptable.

The continuity of companies could also be endangered by the application of U.S. law in the EU, Breedijk continued. Threat modeling, in his view, is urgently needed. But are there EU alternatives? He was pessimistic: “There are no European hyperscalers. Our backlog is enormous.”

“Cybersecurity is everyone’s business”

Bert Hubert
Of course, the trade fair also covered many technical, organizational, and strategic aspects. One of the most attended keynotes was by Bert Hubert, cybersecurity advisor and former supervisor of the Dutch intelligence services. He painted a grim picture of the state of Dutch infrastructure. “It’s pre-war. We are already in conflict with Russia. Think of the drone attacks on Poland. But we are insufficiently prepared in cyberspace. The state of our infrastructure is dismal. Some systems fail even before they are attacked. Microsoft Teams is the Dutch government’s communication system in case of an emergency: it’s unimaginable to use such a fragile system.”

Hubert also criticized the lack of IT knowledge among the boards of companies and institutions. “Top management has no idea how bad their organization’s security really is—the employees suffer from that.” His advice: “Connect with the people on the ground who keep your IT services running. Listen to them. Cybersecurity is everyone’s business.”

More visitors

Of course, a trade fair is nothing without visitors, and attendance was higher this year than in previous editions. Gaining knowledge and inspiration remained major values of a professional trade fair. That was also true for visitors Renée de Vries and Ralph Blokpoel of elderly care organization Alerimus. Their biggest concern? De Vries: “How do we create awareness among employees? The biggest issues now are that they log in with each other’s accounts and forget to lock their computers when leaving.”

Blokpoel added: “How do you deal with cybersecurity as a small organization with little budget and little knowledge? The likelihood of something happening keeps increasing. Furthermore, at the International Criminal Court we’ve seen that major American providers can be forced by their government to stop services. How can we keep our systems safe if the primary provider stops delivering? What alternatives do we have? That’s what I’m looking for.”

Not without each other

“You notice that most visitors already have a certain level of knowledge and are now looking for deeper insights,” said Michael van der Vaart, Chief Experience Officer at cybersecurity company Eset, on the exhibition floor. “For example, on the topic of OT. That special dome at the fair attracted professionals working in that field, such as employees of water boards. They asked good, in-depth questions.”

Netania Engelbrecht, community manager and innovation liaison at the security cluster HSD, also saw many more visitors at their booth compared to last year. “Our partners also indicate that these are the right people.” For HSD members, partnerships are important. Netania: “It’s about co-creation, innovating together, and strengthening each other. We now see—just like around 2015—that parties see each other more as ‘conculleagues’ than as pure competitors. The market is so big that they realize they cannot do without each other.”

With contributions from Anton van Elburg, Bouko de Groot, and Alfred Monterie.

Cybersec Netherlands 2025 Cybersecurity Data Sovereignty Industrial Security Operational Technology

Deel

E-mail, brief icoon
Linked in icoon
X corporation icoon
WhatsApp icoon
Delen icoon Vinkje icoon

Gerelateerde artikelen

Pijl naar links icoon Pijl naar rechts icoon
Cybersecurity and Liability: Prevent Your Company from Bearing All the Damage
News
Cybersecurity and Liability: Prevent Your Company from Bearing All the Damage
Cybersecurity and Liability: Prevent Your Company from Bearing All the Damage Cyberattacks have become an everyday reality for IT companies.…
Successful co-location: trade fairs Cybersec Netherlands and Data Expo jointly attract over 10,000 professionals
News
Successful co-location: trade fairs Cybersec Netherlands and Data Expo jointly attract over 10,000 professionals
Successful co-location: trade fairs Cybersec Netherlands and Data Expo jointly attract over 10,000 professionals The third edition of Cybersec Netherlands,…
From Visibility to Resilience: Rethinking OT Security in a Converged World
News
From Visibility to Resilience: Rethinking OT Security in a Converged World
From Visibility to Resilience: Rethinking OT Security in a Converged World Operational Technology (OT) environments underpin critical infrastructure: from water…
 Cybersec Netherlands 2025: From Human Firewall to AI Defense 
News
 Cybersec Netherlands 2025: From Human Firewall to AI Defense 
Cybersec Netherlands 2025: From Human Firewall to AI Defense On 10–11 September 2025, Jaarbeurs Utrecht will host Cybersec Netherlands, the…
Joris den Bruinen: “If every CISO in the Netherlands were to adopt one start-up, then we could really make progress.”
News
Joris den Bruinen: “If every CISO in the Netherlands were to adopt one start-up, then we could really make progress.”
Joris den Bruinen: “If every CISO in the Netherlands were to adopt one start-up, then we could really make progress.”…
Kappa Data: Navigating the Future of Networking and Cybersecurity
News
Kappa Data: Navigating the Future of Networking and Cybersecurity
Kappa Data: Navigating the Future of Networking and Cybersecurity Kappa Data is a value-add distributor in networking and cybersecurity. As…
Blue Overalls and Gray Suits: Marcel Jutte on OT Security
News
Blue Overalls and Gray Suits: Marcel Jutte on OT Security
Blue Overalls and Gray Suits: Marcel Jutte on OT Security OT systems form the foundation of many vital processes, from…
Defending Against Machine-Driven Attacks
News
Defending Against Machine-Driven Attacks
Defending Against Machine-Driven Attacks Machine-driven cyberattacks are faster and harder to detect than traditional threats. Defense requires more than isolated…
Cybersecurity Challenges and Opportunities in 2025
News
Cybersecurity Challenges and Opportunities in 2025
Cybersecurity Challenges and Opportunities in 2025 The Most Pressing Cybersecurity Threats Today Ransomware and state-sponsored cyber espionage remain the most…
Why Ransomware and AI Demand a New Approach to Cybersecurity
News
Why Ransomware and AI Demand a New Approach to Cybersecurity
Why Ransomware and AI Demand a New Approach to Cybersecurity Cybersecurity is evolving rapidly, with organizations facing complex threats and…
Secure Your Data and Protect Your Future with Data Privacy Compliance
News
Secure Your Data and Protect Your Future with Data Privacy Compliance
Secure Your Data and Protect Your Future with Data Privacy Compliance Cybersecurity is no longer an additional layer of defense;…
The Laws of Physics as Your Ultimate Firewall: Ocean Vault\'s Perspective on Modern Cybersecurity
News
The Laws of Physics as Your Ultimate Firewall: Ocean Vault's Perspective on Modern Cybersecurity
The Laws of Physics as Your Ultimate Firewall: Ocean Vault's Perspective on Modern Cybersecurity Addressing critical threats through physical isolation…
© 2025 Jaarbeurs
Cybersec Netherlands is an event organised by Jaarbeurs logo