NSA shares secure OT product guidance
On January 13, the National Security Agency (NSA) joined the Cybersecurity and Infrastructure Security Agency (CISA) and other organizations to publish guidance helping operational technology (OT) owners and operators integrate security when selecting OT products.
The joint Cybersecurity Information Sheet (CSI), “Secure by Demand: Priority Considerations for Operational Technology Owners and Operators in the Selection of Digital Products,” highlights key security elements to consider when purchasing industrial automation and control systems and other OT products, as well as specific questions to ask manufacturers. Many OT products are not designed or developed securely, and they commonly have weaknesses that make them a target for cyber threat actors, including the following: weak authentication, shared software vulnerabilities, limited logging, default settings, default credentials, and default protocols.
“The guidance not only helps owners and operators of critical systems secure their OT procurement lifecycles, it also sends a message to manufacturers to establish a more resilient and flexible cybersecurity foundation in their products,” said Dave Luber, NSA’s cybersecurity director.
The other agencies co-sealing the CSI are the Federal Bureau of Investigation (FBI), the U.S. Department of Energy, the U.S. Environmental Protection Agency (EPA), the U.S. Transportation Security Administration, the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), the Canadian Centre for Cyber Security (CCCS), the European Commission, Germany’s Federal Office for Information Security (BSI), the Netherlands’ National Cyber Security Centre (NCSC-NL), New Zealand’s National Cyber Security Centre (NCSC-NZ), and the United Kingdom’s National Cyber Security Centre (NCSC-UK).
The report complements a previously published CSI, “Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Secure by Design Software,” jointly released in April 2023 and updated in October 2023.
Source: NSA