Applicability of Security Standards for Operational Technology by SMEs and Large Enterprises.

Establishing adequate cybersecurity for their operational technology (OT) is an existential challenge for manufacturing enterprises. Domain-specific security standards should provide essential support in this challenge. However, they cannot be implemented equally for enterprises of all sizes.We investigate to what extent domain-specific security standards for operational technology are applicable by small and medium-sized as well as large manufacturing enterprises, and how their individual need for action can be identified and addressed. We support our investigation with the results of two independent surveys among manufacturers about their needs for cybersecurity support.In the course of this investigation, we learned that most domain-specific security standards are well applicable to large enterprises. In contrast, small and medium-sized enterprises (SME) seek the support of security experts, who, for their part, are often struggling with a lack of experience in operational technology. To facilitate this cooperation, we provide an introduction for OT-and cybersecurity-experts to the respective basic concepts of their collaborators.