In a recent development, CISA, along with U.S. and international partners, has unveiled a new joint guidance document titled “Secure by Demand: Priority Considerations for Operational Technology Owners and Operators when Selecting Digital Products.” This guidance, part of CISA’s Secure by Demand series, aims to assist customers in identifying manufacturers committed to continuous improvement and achieving a better cost balance. It also outlines how Operational Technology (OT) owners and operators can integrate secure by design elements into their procurement process.
The focus of this guidance is critical, particularly in light of the increasing threats faced by critical infrastructure and industrial control systems from cyberattacks. The agencies behind the document have issued a warning about threat actors targeting specific OT products rather than specific organizations. Many OT products on the market do not adhere to Secure by Design principles and may possess vulnerabilities that can be easily exploited. Therefore, it is crucial for OT owners and operators to prioritize products from manufacturers that emphasize the security elements outlined in this guidance during the procurement process.
For those seeking more information on the factors to consider during procurement discussions, CISA has also provided a guide titled “Secure by Demand Guide: How Software Customers Can Drive a Secure Technology Ecosystem.” Additionally, individuals interested in learning more about secure by design principles and practices can visit the Secure by Design website hosted by CISA.
The release of this joint guidance underscores the importance of ensuring that digital products selected by OT owners and operators are secure and resilient against cyber threats. By following the recommendations outlined in the document and collaborating with trusted manufacturers, organizations can enhance their cybersecurity posture and mitigate the risks associated with potential cyberattacks targeting critical infrastructure and industrial control systems.
The collaboration between CISA and its partners in releasing this guidance demonstrates a collective effort to address cybersecurity challenges in the operational technology landscape. It also highlights the importance of proactive measures in securing digital products to safeguard critical infrastructure and industrial systems from malicious actors.
Overall, the release of the joint guidance signals a significant step towards enhancing cybersecurity practices in the OT sector, emphasizing the need for secure by design principles in selecting digital products. As threats continue to evolve, it is vital for organizations to stay vigilant and prioritize cybersecurity in their procurement processes to mitigate risks and ensure the resilience of critical infrastructure and industrial control systems against cyber threats.