The Cyber Resilience Compass 2025
Page 18 of 26 · WEF_The_Cyber_Resilience_Compass_2025.pdf
CASE STUDY 10
Siemens Energy – Accelerating detection and response: Strengthening OT resilience

After acquiring the High Desert Power Plant in California, the private equity firm Middle River Power identified cyber threats to its operational technology (OT) assets as a critical risk. Limited visibility, evolving cyber threats and compliance challenges made it difficult to detect and respond to incidents effectively. To improve detection and response capabilities without disrupting operations, the company sought a comprehensive monitoring solution.

Middle River Power collaborated with Siemens Energy to deploy managed detection and response (MDR) services at the plant. Siemens Energy’s analysts, operating from a remote security operations centre (SOC), leverage machine learning and OT expertise to continuously monitor and analyse data, enabling rapid detection of potential anomalies. Moreover, MDR helps Middle River Power to accurately determine which systems have been compromised in the event of an incident. The implementation of MDR also supports regulatory compliance by providing structured security reporting and audit-ready documentation.

One immediate benefit of MDR was the early detection of an operational issue – an on-site historian that periodically overheated and rebooted. The system flagged this anomaly, enabling plant operators to resolve the issue before it escalated. Beyond identifying vulnerabilities, MDR allowed Middle River Power to accelerate incident response, reduce downtime and improve compliance efficiency, ultimately increasing the plant’s cyber resilience.

3.6 Crisis management

Crisis management describes all components that an organization uses to respond to and recover from incidents and other crises that affect its resilience. This involves:
– Building and training crisis response teams
– Designing and reviewing plans
– Defining decision-making protocols
– Preparing for incidents by establishing alternative technical systems
– Developing strategies for external communication

Examples of front-line practices that organizations are applying:
– CISOs and top leadership establish and exercise crisis response teams that include senior executives and multidisciplinary experts to address various aspects of a cyber incident. To act swiftly during a crisis, teams are created before the crisis and trained to ensure familiarity with response plans and communication channels.
– Process owners develop and maintain plans for business continuity, disaster recovery and incident response to ensure preparedness and effective internal communication. Process owners and implementers practise, refine, test and tailor plans to align with organizational context. Consistent processes and policies ensure all departments adhere to the same standards.
– Top leadership supported by the CISO defines and refines decision-making protocols and managerial responsibilities to enable a rapid response, particularly in crisis escalation processes. They implement robust risk management analysis and strong trust mechanisms to empower teams at all levels to make decisions for effective and coordinated responses. Some organizations pre-emptively approve rapid response actions that can be taken when certain risk thresholds are met.
– Technical teams build infrastructure to prepare for the case of a serious incident. This includes measures such as creating “vaults” to protect critical data by storing it in an isolated environment or establishing alternative back-up communication channels (e.g. out-of-band) to secure communication even when core IT systems have been compromised or are unavailable.
– PR teams supported by the CISO and legal teams prepare strategies for external communication during cyber incidents to rapidly address mis- and disinformation and re-establish trust with key stakeholders. This includes mapping those stakeholders in advance and developing predetermined messaging frameworks to ensure swift communication during an incident.

The Cyber Resilience Compass: Journeys Towards Resilience