Key Takeaways
- The U.S. and six other countries have published security guidance for organizations that run operational technology (OT) to help protect themselves from hackers.
- The guidance offers advice on network segmentation, activity logging, and other security principles to improve OT cybersecurity.
- The document is divided into eight sections, each covering a different OT security principle and offering specific recommendations and warnings.
- The guidance emphasizes the importance of phasing out obsolete technology, designing resilient networks, and limiting risk exposure.
- The document also recommends establishing segmented networks, using multifactor authentication, and enforcing equivalent security measures for third-party vendors.
Introduction to OT Security Guidance
The U.S. and six other countries have come together to publish security guidance for organizations that run operational technology (OT) in an effort to help protect them from hackers. The guidance, titled "Secure connectivity principles for Operational Technology," offers advice on everything from network segmentation to activity logging. The authoring agencies, which include representatives from the U.S., Australia, Canada, Germany, the Netherlands, New Zealand, and the United Kingdom, emphasize the importance of improving OT cybersecurity to challenge attackers’ efforts and raise the threshold necessary to cause physical harm, environmental impact, and disruption.
Understanding the Security Guidance Document
The document is divided into eight sections, each covering a different OT security principle and offering specific recommendations and warnings. One chapter on risk management recommends phasing out obsolete technology that no longer receives security updates, as well as designing networks to remain resilient even after an OT asset failure. Another chapter on protecting network boundaries recommends closing unused ports, using multifactor authentication, and enforcing equivalent security measures for third-party vendors. The document also includes links to other security guidance from the U.K.’s National Cyber Security Centre, the publication’s primary author. By following these guidelines, organizations can improve their OT cybersecurity and reduce the risk of a successful cyber attack.
OT Security Principles and Recommendations
The guidance emphasizes the importance of limiting risk exposure, centralizing network connections for improved visibility, and mitigating the impact of a hack. In the section on activity logging, the document recommends that organizations understand their network’s normal baseline so they can quickly identify anomalous behavior. This can be achieved by establishing a comprehensive logging system that monitors all network activity and provides real-time alerts in case of suspicious behavior. Additionally, the document recommends establishing segmented networks that restrict unnecessary communications and thus limit how far hackers can roam after breaching an enterprise. By implementing these security principles and recommendations, organizations can significantly improve their OT cybersecurity and protect themselves from potential threats.
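To make the baseline and segmentation principles above concrete, here is an added example (not code from the guidance or its authoring agencies) that checks constructed OT flow records against an assumed zone policy and a baseline learned from a known-good period; the zone ranges, hosts, ports and log format are all assumptions.

```python
import ipaddress

# Assumed Purdue-style zones: which IP ranges belong to which zone.
ZONES = {
    "enterprise": ipaddress.ip_network("10.10.0.0/16"),
    "dmz": ipaddress.ip_network("10.20.0.0/24"),
    "control": ipaddress.ip_network("192.168.50.0/24"),
}
# Segmentation policy: only these zone-to-zone directions are permitted.
ALLOWED_PATHS = {("enterprise", "dmz"), ("dmz", "control"), ("control", "control")}

def zone_of(ip):
    """Map an address to its zone name, or 'unknown' if it matches none."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "unknown"

def parse_flow(line):
    """Parse a constructed flow record: '<time> <src_ip> <dst_ip> <dst_port> <proto>'."""
    ts, src, dst, port, proto = line.split()
    return {"ts": ts, "src": src, "dst": dst, "port": int(port), "proto": proto}

def build_baseline(lines):
    """Baseline = set of (src, dst, port) tuples observed during a known-good period."""
    return {(f["src"], f["dst"], f["port"]) for f in map(parse_flow, lines)}

def evaluate(lines, baseline):
    """Return findings: segmentation violations first, then flows outside the baseline."""
    findings = []
    for f in map(parse_flow, lines):
        path = (zone_of(f["src"]), zone_of(f["dst"]))
        key = (f["src"], f["dst"], f["port"])
        if path not in ALLOWED_PATHS:
            findings.append((f["ts"], "segmentation-violation", path, key))
        elif key not in baseline:
            findings.append((f["ts"], "outside-baseline", path, key))
    return findings

# Constructed sample data (not real traffic). Port 502 is the standard Modbus/TCP port.
BASELINE_LOG = [
    "09:00:01 10.20.0.5 192.168.50.10 502 tcp",      # DMZ historian polls a PLC
    "09:00:02 10.10.3.7 10.20.0.5 443 tcp",          # enterprise user reads historian
    "09:00:03 192.168.50.20 192.168.50.10 502 tcp",  # HMI to PLC inside control zone
]
LIVE_LOG = [
    "10:15:00 10.20.0.5 192.168.50.10 502 tcp",      # normal, matches baseline
    "10:15:04 10.10.3.7 192.168.50.10 502 tcp",      # enterprise host straight to PLC
    "10:15:09 10.20.0.5 192.168.50.10 22 tcp",       # allowed path, but SSH never seen before
]
```

Running `evaluate(LIVE_LOG, build_baseline(BASELINE_LOG))` reports the enterprise-to-control flow as a segmentation violation and the new SSH flow as outside the baseline, while the first flow is silent.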
Context and Background
The publication of this security guidance is part of a series of cybersecurity publications released by the U.S. and Western allies over the past several years. These publications aim to underscore the importance of basic security precautions for technology that is either new or mission-critical. For example, last May, the FBI, the Cybersecurity and Infrastructure Security Agency, and the National Security Agency collaborated with international partners on secure AI development guidance. Three months later, the three organizations, along with others, released a report on creating OT asset inventories, a vital first step in network defense. And last month, the agencies published advice for using AI in OT environments, warning that doing so required careful planning and oversight. These publications demonstrate the ongoing effort by governments and organizations to improve cybersecurity and protect critical infrastructure from potential threats.
Conclusion and Future Directions
The security guidance published by the U.S. and six other countries gives organizations that run operational technology practical advice on segmentation, logging, authentication, and vendor access. It is part of a larger effort to improve cybersecurity and protect critical infrastructure, and further publications and initiatives are likely to follow. As technology evolves and new threats emerge, organizations need to stay vigilant and proactive in their cybersecurity efforts, and sharing knowledge and best practices across governments and industry helps create a safer digital environment for everyone.