NSA shares six OT cybersecurity principles

On October 2, the National Security Agency (NSA) joined the Australian Signals Directorate’s Australian Cyber Security Centre (ASD ACSC) and others to release the Cybersecurity Information Sheet (CSI), “Principles of Operational Technology Cyber Security,” to promote six principles that guide the creation and maintenance of a safe, secure critical infrastructure operational technology (OT) environment. The purpose of the guidance is to enhance cybersecurity methods to ensure the protection of critical infrastructure including water, energy, transportation, and other systems.

The CSI outlines six principles:

  1. Safety is paramount.
  2. Knowledge of the business is crucial.
  3. OT data is extremely valuable and needs to be protected.
  4. Segment and segregate OT from all other networks.
  5. The supply chain must be secure.
  6. People are essential for OT cybersecurity.

 

The CSI explains why each principle is critical while illustrating examples, implications, and questions to consider.

“Public safety and strengthening our cybersecurity posture are at the heart of this particular CSI,” according to Dave Luber, NSA Cybersecurity Director. “The six principles of operational technology cybersecurity explored in this CSI are vitally important to anyone wanting to strengthen their cybersecurity posture and especially important for those who work in an operational technology environment supporting our nation’s critical systems.”

The co-sealing agencies on this CSI are the Australian Signals Directorate’s Cyber Security Centre (ASD’s ACSC), National Security Agency (NSA), U.S. Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigations (FBI), Multi-State Information Sharing and Analysis Center (MS-ISAC), United Kingdom National Cyber Security Center (NCSC-UK), Canadian Centre for Cyber Security (CCCS), New Zealand’s National Cyber Security Centre (NCSC-NZ), Germany’s Federal Office for Information Security (BSI Germany), the Netherlands’ National Cyber Security Center (NCSC-Netherlands), Japan’s National Center of Incident Readiness and Strategy for Cybersecurity (NISC) and National Police Agency (NPA), and the Republic of Korea’s National Intelligence Service (NIS) and NIS’ National Cyber Security Center (NCSC).

Read the full report here.

Source: NSA

Stay in the know with breaking news from across the IC and IC contracting landscape by becoming a paid subscriber to IC News. Your support makes our work possible.