Agencies issue eight principles for OT cybersecurity
A new guide developed by several U.S. and international agencies shares eight principles for ensuring cybersecurity in operational technology (OT).
The “Secure connectivity principles for operational technology” guidance is part of a series of publications that highlight the importance of OT cybersecurity. The effort was led by the UK National Cyber Security Centre in partnership with several other agencies, including the U.S. Cybersecurity and Infrastructure Security Agency and the FBI.
In an era of increasing facilities management efficiencies driven by OT, the report acknowledges that although these connected devices are designed to drive operational improvements, they also come with areas of great vulnerability.
“Organizations deploying or operating OT systems often face challenges in prioritizing cybersecurity due to operational constraints, such as dependence on legacy technologies that were never designed for modern connectivity or security requirements,” the report states. “These challenges are compounded by the increasing use of third-party vendors, remote-access solutions and supply chain integrations, all of which expand the potential attack surface. In an OT environment, risks are elevated since a cyber-intrusion can lead to physical harm, environmental impact, or potentially the disruption of an operator of essential service.”
The report lays out eight principles with key action steps, further resources and desired end-states. The eight principles are:
- Principle 1: Balance the risks and opportunities
- Principle 2: Limit the exposure of your connectivity
- Principle 3: Centralize and standardize network connections
- Principle 4: Use standardized and secure protocols
- Principle 5: Harden your OT boundary
- Principle 6: Limit the impact of compromise
- Principle 7: Ensure all connectivity is logged and monitored
- Principle 8: Establish an isolation plan
Through careful planning guided by these eight principles, health care organizations can develop and implement their own plans to create a secure OT environment. Read the report to learn more.
Related Articles
NFPA report reviews risks associated with smart buildings
The NFPA's Fire Protection Research Foundation report dissects the impact of smart building technology on life safety and presents a roadmap to address its challenges.
Hospitals pilot virtual reality training for infection prevention
Massachusetts hospitals explore the potential of emerging technologies to better teach cleaning and disinfection protocols..
Driving health care technology decisions
A roadmap for resilience, adaptability and mission-aligned outcomes.