The Canadian Centre for Cyber Security (Cyber Centre) has joined the United Kingdom’s National Cyber Security Centre (NCSC-UK) and the following international partners in releasing guidance on secure connectivity principles for operational technology (OT):
- Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC)
- Germany’s Federal Office for Information Security (BSI)
- Netherlands’ National Cyber Security Centre (NCSC-NL)
- New Zealand’s National Cyber Security Centre (NCSC-NZ)
- United States’ Cybersecurity and Infrastructure Security Agency (CISA)
- United States’ Federal Bureau of Investigation (FBI)
Organizations deploying or operating OT systems often face challenges in prioritizing cyber security due to operational constraints. An example of such a constraint is the dependence on legacy technologies that were never designed for modern connectivity or security requirements. Opportunistic and highly capable threat actors are known to target exposed and insecure OT connectivity.
This joint guidance outlines the desirable end-states that organizations should achieve when designing connectivity into OT environments. The end-states are intended as goals rather than minimum requirements.
System owners should use these principles as a framework to design, implement and manage secure OT connectivity, for both new and existing OT systems. These principles are particularly critical for operators of essential services.
Read the full joint publication: Secure connectivity principles for operational technology (OT).