A new set of security principles aimed at protecting operational technology (OT) environments has been released by the US Cybersecurity and Infrastructure Security Agency (CISA), the United Kingdom’s National Cyber Security Centre (NCSC) and the Federal Bureau of Investigation (FBI), alongside international partners.
The guidance addresses growing risks linked to insecure connectivity in systems that underpin essential services, outlining a shared framework to help organizations design and manage secure connectivity in OT environments.
Led by NCSC-UK, the guidance responds to increased interconnection between industrial systems and enterprise networks, a trend that has improved efficiency but expanded the attack surface for cyber threat actors.
Building More Secure Connectivity in OT Systems
The document sets out clear goals for building secure connectivity into OT systems from the outset. It focuses on reducing exposure to both highly capable and opportunistic adversaries, including nation-state-sponsored actors, by embedding security into network design rather than treating it as an afterthought.
Operational technology networks increasingly support real-time analytics, remote monitoring and predictive maintenance, the guide explains. These benefits, however, come with heightened cyber-risk that could lead to physical harm, environmental damage or service disruption.
“As operational technology systems benefit from greater connectivity and attract more attention from adversaries, it is vital that cybersecurity is treated as a foundational requirement that supports physical safety outcomes, uptime and service continuity,” said NCSC chief technology officer, Ollie Whitehouse.
Security leaders also say the guidance reflects the growing reality of OT-targeted attacks.
“With the rise in attacks from groups like China’s Salt Typhoon and Russia’s CARR, protection of operational technology has never been more significant,” explained Pete Luban, field CISO at AttackIQ.
He added that this technology is “often the backbone of critical infrastructure like energy generation plants or transportation networks.”
Luban also highlighted adversarial emulation as an additional safeguard.
“Testing cyber defenses against tactics commonly deployed by known threat groups allows security teams to identify where critical vulnerabilities lie and work to patch them before intruders can utilize them against operational technologies,” he concluded.
