Joint guidance on the principles of operational technology cyber security

The Canadian Centre for Cyber Security, has joined the Australian Signals Directorate’s (ASD) Australian Cyber Security Centre (ACSC) and the following international partners in releasing guidance on cyber security for operational technology (OT):

  • Germany’s Federal Office for Information Security (BSI)
  • New Zealand’s National Cyber Security Centre (NCSC-NZ)
  • United Kingdom’s National Cyber Security Centre (NCSC-UK)
  • Japan’s National Center of Incident Readiness and Strategy for Cybersecurity (NISC) and National Police Agency (NPA)
  • Netherland’s National Cyber Security Centre (NCSC-NL)
  • Republic of Korea’s National Intelligence Service (NIS) and NIS’s National Cyber Security Center
  • United States’:
    • Cybersecurity and Infrastructure Security Agency (CISA)
    • National Security Agency (NSA)
    • Federal Bureau of Investigation (FBI)
    • Multi-State Information Sharing and Analysis Centre (MS-ISAC)

This joint guidance informs decision makers within critical infrastructure (CI) organizations on the risks and impacts of business decisions on the cyber security of OT . This guidance helps organizations make decisions related to the design, implementation and management of OT environments to ensure they are safe, secure and provide business continuity for critical services.

The guidance outlines 6 principles to assist decision makers in creating and maintaining a safe and secure OT environment:

  • Safety is paramount
  • Knowledge of the business is crucial
  • OT data is extremely valuable and needs to be protected
  • Segment and segregate OT from all other networks
  • Supply chain must be secure
  • People are essential for OT cyber security

Decision makers should apply these principles to determine if the potential business decision is likely to adversely impact the cyber security of their OT environment.

Read the joint guidance Principles of OT cyber security.

Date modified: