The document titled “Principles of Operational Technology (OT) Cyber Security” outlines cybersecurity guidelines for critical infrastructure organizations, emphasizing safe, secure OT environments. Authored by the Australian Cyber Security Centre (ACSC) and international cybersecurity agencies, the document presents six principles:
Safety is Paramount: Safety must be prioritized above innovation, especially in OT environments with life-threatening risks (e.g., high voltages, chemical hazards). This principle emphasizes resilient systems and predictable responses to ensure the safety of personnel and infrastructure.
Knowledge of the Business: Organizations should deeply understand their OT systems, including dependencies, system configurations, and processes, to protect critical assets and maintain service continuity. Integrated incident response plans and asset awareness are crucial.
Protect OT Data: OT data, including configuration details, is valuable to adversaries and requires strong protections. Minimizing data access points and implementing alerts on data exfiltration can prevent unauthorized access.
Segmentation and Segregation: OT networks should be isolated from IT networks and external systems to minimize the risk of compromise. Essential OT functions must be managed with clear security boundaries, avoiding reliance on potentially compromised IT environments.
Securing the Supply Chain: Supply chains should be critically assessed, considering risks from all connected devices, including peripheral equipment. Verification measures like firmware validation and cryptographic signatures help mitigate risks.
The Role of People: Human operators are key to OT cybersecurity. Training and cross-functional collaboration are encouraged to build a security-focused culture and enhance incident identification and response capabilities.
This document serves as a strategic guide for decision-makers in OT environments, ensuring that cybersecurity practices are integrated with safety and operational resilience priorities.