Operational technology security for built-environment systems — BMS, SCADA, ICS hardening aligned to NIS2 Directive (EU 2022/2555), the IEC 62443 framework, and incident response for the regulated estate.
10 lessons taking you from fundamentals through to working application — written for engineers and decision-makers, not students.
Why this course exists. NIS2 expanded the scope of EU cybersecurity regulation to include ~160,000 entities — building operators among them. Most M&E engineers don't know they're now in scope. This course gives you the working knowledge to find out, and to fix it.
Who it's for. M&E engineers, BMS integrators, facility managers, asset managers operating critical infrastructure, and compliance officers handling NIS2 implementation.
How it's written. Ten lessons that frame OT security as it actually is — different from IT, with different threat models, different lifecycles, different priorities. Anchored to NIS2, IEC 62443, and ENISA / CISA threat intelligence.
Read in order, or jump to the lesson you need. Each lesson stands alone but the course flows from foundation to application.
OT vs IT — air-gap myth, real protocols, why CIA triad inverts.
NIS2 Directive scope, essential vs important entities, member-state transposition.
IEC 62443 zones, conduits, security levels, lifecycle approach.
BMS attack surface, default credentials, segmentation strategy.
SCADA / ICS hardening — Modbus, DNP3, OPC UA, BACnet.
Purdue model, network segmentation, firewall rules for OT.
CVE vs CVSS, patching constraints in OT, virtual patching.
Incident response for built environment — playbooks, communications.
ENISA threat landscape, CISA advisories, MITRE ATT&CK for ICS.
Cross-walking NIS2 requirements to IEC 62443 and ISO 27001 controls.
Structured to support self-certified CPD logging. Each lesson provides clear learning objectives, technical content, knowledge checks, and downloadable evidence — the four elements UK chartered bodies recognise for self-certified CPD entries.
Eight outcomes. Read the course end-to-end and you’ll be able to act on each one without looking up the standard.
Distinguish OT from IT security and explain the difference to leadership.
Apply NIS2 obligations to your specific entity classification.
Implement IEC 62443 across system zones and conduits.
Harden a BMS against typical attack patterns.
Segment OT networks from corporate IT and from the internet.
Run vulnerability management in OT without breaking production.
Plan incident response for built-environment OT (BMS, SCADA, ICS).
Map compliance overlap between NIS2, IEC 62443, ISO 27001.
First 2 lessons are free, no signup. For the rest, pick what fits.
Team licences from £99/seat (5+ seats). Contact hello@novtriq.tech.
Three companion courses that pair well with Cybersecurity OT & NIS2.
No signup, no card. Read the first lessons, take the quizzes — then decide.
START LESSON 1 → BACK TO ALL COURSES