A new report from the Cybersecurity and Infrastructure Security Agency (CISA) and other organizations will help businesses reduce their exposure to cyber risk in operational technology (OT) network environments.
The report, Secure Connectivity Principles for Operational Technology, released in partnership with the United Kingdom’s National Cyber Security Centre (NCSC-UK), the Federal Bureau of Investigation (FBI) and other international partners, provides organizations with guidance on mitigating their exposure and protecting their networks from cyber threat actors, including nation state-sponsored actors.
“This guide underscore’s CISA’s unwavering commitment to working hand-in-hand with U.S. and international partners to provide timely, actionable cybersecurity guidance. By providing OT organizations with practical steps to design, secure, and manage connectivity in OT environments, we help defend critical infrastructure against malicious and state-sponsored cyber threats,” CISA Executive Assistant Director for Cybersecurity Nick Andersen. “Together with our partners, CISA also urges OT device manufacturers and integrators to embrace secure-by-design principles because building security in from the start is the most effective way to reduce risk and safeguard the nation’s vital systems.”
The group said OT network environments are increasingly interconnected and able to provide benefits to organizations like real-time analytics, remote monitoring and predictive maintenance. But the connectivity creates increased risks when it comes to cyber intrusions that could put an organization in danger. Officials said the guide offers owners and operators a framework with clear goals for designing secure connectivity.
“As operational technology systems benefit from greater connectivity and attract more attention from adversaries, it is vital cyber security is treated as a foundational requirement that supports physical safety outcomes, uptime and service continuity,” NCSC Chief Technology Officer Ollie Whitehouse. “We strongly recommend OT practitioners worldwide follow the eight key principles to help make confident, security-led decisions that will safeguard critical services and strengthen trust in connected systems.”