The Canadian Centre for Cyber Security (Cyber Centre) has joined the United Kingdom’s National Cyber Security Centre (NCSC-UK) and the following international partners in releasing guidance on creating and maintaining a definitive view of operational technology (OT) architecture:
- Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC)
- Germany’s Federal Office for Information Security (BSI)
- Netherlands’ National Cyber Security Centre (NCSC-NL)
- New Zealand’s National Cyber Security Centre (NCSC-NZ)
- United States’ Cybersecurity and Infrastructure Security Agency (CISA)
- United States’ Federal Bureau of Investigation (FBI)
This joint guidance defines a principles-based approach that OT organizations can use to build, maintain and store their system’s understanding. It is intended for cyber security professionals working in OT organizations across greenfield and brownfield deployments and includes the following principles:
- Principle 1: Defining processes for establishing and maintaining the definitive record
- Principle 2: Establishing an OT information security management program
- Principle 3: Identifying and categorizing assets to support informed risk-based decisions
- Principle 4: Identifying and documenting connectivity within your OT system
- Principle 5: Understanding and documenting third-party risks to your OT system
Cyber security professionals can use these principles as a framework to develop a comprehensive record of their systems.
This joint guidance has been developed with contributions from partnering agencies and is part of a series of publications aiming to draw attention to the importance of cyber security in operational technology.
Read the full joint publication: Creating and maintaining a definitive view of your operational technology (OT) architecture