Six Principles of Operational Technology Cybersecurity Released

By

The principles are jointly endorsed by the Australian Signals Directorate, NSA, CISA, and more.

The National Security Agency (NSA), along with the Australian Signals Directorate’s Australian Cyber Security Centre, CISA, and other government organizations, have released six general Principles of Operational Technology Cyber Security.

The principles, which are aimed at securing operational technology (OT) environments in critical infrastructure, are as follows:

  1. 1. Safety is paramount.
  2. 2. Knowledge of the business is crucial.
  3. 3. OT data is extremely valuable and needs to be protected.
  4. 4. Segment and segregate OT from all other networks.
  5. 5. The supply chain must be secure.
  6. 6. People are essential for OT cybersecurity.

The document includes examples and explores implications related to each of these principles to help OT professionals effectively develop processes and prioritize actions.

For example, in regard to supply chain security, the guidelines note that:

Some control systems protocols communicate via multicast or broadcast messages, which are sent to all devices on the network. As such, almost any device on the network may be able to view critical control messages and could create and inject messages to cause an undesirable action, making the supply chain of all devices critical.

Read more at NSA.
 
 

 
 
 

10/11/2024

Related content

comments powered by Disqus