To address rising cyber threats targeting critical infrastructure, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released a new step-by-step guide designed to help organizations select and deploy secure operational technology (OT) products.
The guide, titled “Secure by Demand: Priority Considerations for OT Owners and Operators when Selecting Digital Products,” highlights key security features and considerations for product procurement to ensure resilience against cyberattacks.
Critical infrastructure sectors such as energy, transportation, and water rely on OT systems to manage essential services.
However, OT devices are often targeted by cyber adversaries due to vulnerabilities like weak authentication, limited logging, and outdated protocols.
Strengthening security at the design and development stage is critical to preventing disruptions that could affect public safety and undermine societal and economic stability.
CISA’s guidance places emphasis on Secure by Design principles, aiming to shift cybersecurity responsibility from operators to manufacturers.
It also aligns with global regulatory efforts, including the European Union’s Cyber Resilience Act, which mandates manufacturers integrate security features during the product design phase.
The document outlines 12 priority security elements that OT owners and operators—referred to as “buyers”—should evaluate when selecting products. These include:
The guide aims to empower buyers to evaluate OT product manufacturers based on their adherence to Secure by Design principles and international standards such as ISA/IEC 62443 and NIST cybersecurity frameworks.
By selecting products designed with these elements, buyers can create long-term, adaptable cybersecurity foundations for their critical systems.
CISA also provides practical advice for buyers to ask manufacturers, covering areas like vulnerability handling, update policies, system interoperability, and secure communications.
The guidance underscores that buyers should prioritize products that balance innovation with security and resilience.
This document is part of CISA’s broader Secure by Demand initiative, developed in partnership with agencies like the NSA, FBI, and international entities such as the UK’s National Cyber Security Centre (NCSC) and Canada’s Centre for Cyber Security (CCCS).
By aligning with global frameworks, the guide seeks to create a unified approach to cybersecurity for critical infrastructure across borders.
CISA hopes the initiative will not only standardize secure product selection processes but also encourage vendors to adopt a proactive approach to cybersecurity.
Critical infrastructure operators, in turn, will be better equipped to safeguard their systems and maintain public trust in the face of evolving threats.
Find this News Interesting! Follow us on Google News, LinkedIn, and X to Get Instant Updates!
Claude AI, developed by Anthropic, has been exploited by malicious actors in a range of…
As Tax Day on April 15 approaches, a alarming cybersecurity threat has emerged targeting U.S.…
Insikt Group has uncovered two new malware families, TerraStealerV2 and TerraLogger, attributed to the notorious…
MintsLoader, a malicious loader first observed in 2024, has emerged as a formidable tool in…
Cybercriminals are intensifying their efforts to undermine multi-factor authentication (MFA) through adversary-in-the-middle (AiTM) attacks, leveraging…
A recent investigation by the FortiGuard Incident Response (FGIR) team has uncovered a sophisticated, long-term…