(TR01) (CFI) Cyber-Resilience and Industrial Robustness: Business Continuity put to the Test of Risk

The challenge of industrial continuity is at the heart of the NIS 2 requirements. It is essential to distinguish between robustness, the system’s ability to absorb a shock or a physical failure, and resilience, the ability to restore service after a major incident, including cyber incidents. The challenge for companies is to integrate cyber-resilience not as a technical constraint, but as a vital business requirement. This implies rethinking the business impact analysis (BIA), evaluating the quality of the control at the OT level, and mobilizing operational teams based on Safety (security of people/assets) to introduce cyber. The maturity of production systems is now measured by this capacity to anticipate the need to restart and adapt.

Where is the operational nuance between equipment robustness and process cyber-resilience in guaranteeing the continuity of essential services?
How to use Safety criteria (operational safety) to integrate cybersecurity from the design stage and engage operational teams?
How can companies budget for and defend cyber investments that primarily protect a business risk, and not just an IT cost?