Six Principles of Operational Technology Cybersecurity Released

By

The principles are jointly endorsed by the Australian Signals Directorate, NSA, CISA, and more.

The National Security Agency (NSA), along with the Australian Signals Directorate’s Australian Cyber Security Centre, CISA, and other government organizations, have released six general Principles of Operational Technology Cyber Security.

The principles, which are aimed at securing operational technology (OT) environments in critical infrastructure, are as follows:

  1. 1. Safety is paramount.
  2. 2. Knowledge of the business is crucial.
  3. 3. OT data is extremely valuable and needs to be protected.
  4. 4. Segment and segregate OT from all other networks.
  5. 5. The supply chain must be secure.
  6. 6. People are essential for OT cybersecurity.

The document includes examples and explores implications related to each of these principles to help OT professionals effectively develop processes and prioritize actions.

For example, in regard to supply chain security, the guidelines note that:

Some control systems protocols communicate via multicast or broadcast messages, which are sent to all devices on the network. As such, almost any device on the network may be able to view critical control messages and could create and inject messages to cause an undesirable action, making the supply chain of all devices critical.

Read more at NSA.
 
 

 
 
 

10/11/2024
cybersecurity , Security

Related content

  • NSA Offers Best Practices for OSS in Operational Technology
    more »
  • News for Admins
    In the news:Open Source AI Definition Now Available; Sysdig Report Highlights LLMjacking and Other Security Threats; Microsoft Releases OpenHCL, an Open Source Paravisor; NASA Moves Forward with Lunar Time Zone; Open Source Malware on the Rise, According to Sonatype Report; Six Principles of Operational Technology Cybersecurity Released; New Password Rules Recommended by NIST; OpenSSH 9.9 Released; Docker Updates Usage Plans.
    more »
  • Tech News
    In the news: Hetzner Announces S3-Compatible Object Storage; Ongoing Cyberattack Prompts New CISA Guidance for Communications Infrastructure; OpenMP 6.0 Released; Open Source Development Improves Software Security, Says LF Report; Most Organizations Are Unprepared for Climate-Related Disruptions; and SUSE Cloud Observability Announced.
    more »
  • News for Admins
    In the news: DHS Releases New Guidelines for Securing Critical Infrastructure; Datadog Report Examines DevSecOps Best Practices; Upskilling Key to Tech Staffing Challenges, Says LF Survey; 2024 Open Source Pros Job Survey Report Released; OpenSSF Issues Guidance to Help Prevent Social Engineering Attacks; Black Duck Supply Chain Edition Released by Synopsys; Spectra Logic Announces New Tape Libraries and Management Software; LPI Launches Open Source Essentials Program; Apache Software Foundation Celebrates 25 Years; SUSE Announces Rancher Prime 3.0; NSA Issues Zero Trust Guidelines for Network Security; and NIST Releases Major New Version of Cybersecurity Framework.
    more »
  • News for Admins
    In the news: Red Hat Announces Ansible Lightspeed with IBM watsonx Code Assistant; Dell APEX Cloud Platform for Red Hat OpenShift Announced; NSA Offers Best Practices for OSS in Operational Technology Environments; Civil Infrastructure Platform Adds New Super-Long-Term Linux Kernel; HTTP/2 Protocol Exploited in Largest DDoS Attack Ever; Docker Announces Three New Products for Secure App Delivery; CloudBees Updates Jenkins and Offers New DevSecOps Platform; Linkerd 2.14 Released with Improved Multi-Cluster Support; NIST Releases Draft of Cybersecurity Framework v2.0; CISA and MITRE Announce Open Source Caldera for OT
    more »
comments powered by Disqus
Subscribe to our ADMIN Newsletters
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs

Most Popular

Support Our Work

ADMIN content is made possible with support from readers like you. Please consider contributing when you've found an article to be beneficial.

Learn More”> </a> <hr> </div> </div> <div class=