The Cybersecurity and Infrastructure Security Agency (CISA), UK’s National Cyber Security Centre, FBI, and international partners have released Secure Connectivity Principles for Operational Technology. This joint guidance, led by NCSC-UK, helps organizations mitigate exposed and insecure connectivity and protect networks from highly capable and opportunistic cyber threat actors, including nation state-sponsored actors.
Operational technology (OT) network environments are increasingly interconnected, delivering benefits like real-time analytics, remote monitoring and predictive maintenance. However, this connectivity also heightens the risk to cyber intrusions that could cause physical harm, environmental damage, or disrupt essential services. This guide offers owners and operators a framework with clear goals for designing secure connectivity into their environments.
“This guide underscore’s CISA’s unwavering commitment to working hand-in-hand with U.S. and international partners to provide timely, actionable cybersecurity guidance. By providing OT organizations with practical steps to design, secure, and manage connectivity in OT environments, we help defend critical infrastructure against malicious and state-sponsored cyber threats,” said CISA Executive Assistant Director for Cybersecurity Nick Andersen. “Together with our partners, CISA also urges OT device manufacturers and integrators to embrace secure-by-design principles because building security in from the start is the most effective way to reduce risk and safeguard the nation’s vital systems.”
“As operational technology systems benefit from greater connectivity and attract more attention from adversaries, it is vital cyber security is treated as a foundational requirement that supports physical safety outcomes, uptime and service continuity,” said NCSC Chief Technology Officer Ollie Whitehouse. “Co-created with international partners and with extensive industry collaboration, the new NCSC guidance offers a clear, practical framework for designing and maintaining secure connectivity, reducing attack surface and boosting resilience. We strongly recommend OT practitioners worldwide follow the eight key principles to help make confident, security-led decisions that will safeguard critical services and strengthen trust in connected systems.”
“Operational Technology systems quietly power the essential services Americans rely on every day, making their secure connectivity a matter of national importance,” said FBI Cyber Assistant Director Brett Leatherman. “This joint guide serves as a reminder that OT systems are uniquely vulnerable and increasingly targeted, which is why timely mitigation and shared defenses are critical to staying ahead of the threat.”
With our U.S. and international partners, CISA strongly encourages organizations to review this joint guide, assess their OT connectivity and implement the recommended mitigations to strengthen critical infrastructure defenses against these opportunistic threats.
The original announcement can be found here.
