We came to the conclusion that process automation is not an aid, but an asset that is indispensable in the control and operation of the primary process. In addition, it showed us the potential vulnerability of the way we used to work. Without a smoothl running process automation, the primary process will come to a standstill or the end product will fail to meet the quality requirements. Information security (cyber security) should offer a solution. At Rijnland, the team has been strengthened with an Information Security Process Automation Advisor in the person of Hans Smit, working in close cooperation with Hudson Cybertec. “Digitization has many advantages for us,” says Smit, “but we also realize that failure of digital means makes us vulnerable. Not only hardware failure, but also cyber risks are increasingly included in our policy. The BIO (Baseline Informatiebeveiliging Overheid/Baseline Information security Government) gives us guidance to take measures in the field of process automation. For our process automation, we have chosen to conform to the international standard for cybersecurity within operational technology, IEC 62443, because the BIO in its current form does not offer sufficient guidance for process automation”.