NSA Releases 6 principles of OT cybersecurity
The National Security Agency (NSA) joined cybersecurity agencies from Australia, Canada, Germany, Japan, the Netherlands, New Zealand, South Korea, and the United Kingdom to publish a guide outlining six principles that can be used to guide the creation and maintenance of a safe, secure critical infrastructure operational technology (OT) environment. “Principles of Operational Technology Cyber Security” offers security practitioners ways to bolster the security of critical infrastructure, including water, energy, and transportation systems.
The document encourages organizations to determine whether making changes to their OT systems will impact or break any of the principles, which would likely introduce vulnerabilities into the OT environment, and to examine whether the right security controls are in place to mitigate risk.
The six principles are as follows:
- Safety is paramount. While changes to corporate IT systems could disrupt business continuity, the stakes are higher for OT environments. Changes to critical infrastructure could lead to deadly threats to human life or significant damage to equipment or the environment. Failures of water and power infrastructure can be catastrophic for communities and individuals. To keep communities safe, OT managers should consider how systems can be restarted and backed up to minimize the potential for downtime. Thinking about safety and reliability needs to permeate all tasks, even the most common cyber-hygiene tasks.
- Knowledge of the business is crucial. Teams should know what needs to be protected and what parts of the business are essential to providing services. And when leadership stakeholders are aware of cybersecurity concerns and practices, outcomes improve. In practice, activities supporting this principle could include creating cybersecurity incident response playbooks and business continuity plans that contain enough information. Another idea is color coding types of cables and identifying their functions so that practitioners can work quickly in an emergency.
To read the complete article, visit Dark Reading.