14 January 2025
The National Cyber Security Centre (NCSC) has joined the United States Cybersecurity and Infrastructure Security Agency (CISA) and other international partners to release guidance for operational technology (OT) owners and operators on integrating security into their procurement process.
CISA and its partners warn that cyber threat actors often target specific OT products — rather than specific organisations — when attempting to compromise OT environments.
This guidance helps owners and operators select OT products, particularly industrial automation and control system products, that prioritise secure-by-demand features. Choosing manufacturers that incorporate these principles can help buyers establish a resilient and flexible cyber security foundation to build on over time.
By ensuring secure products are deployed within their networks, critical infrastructure owners and operators can reduce potential damage from cyber threats and protect their systems from exploitation.