An official website of the United States government
Here's how you know
A .gov website belongs to an official government organization in the United States.
A lock (lock ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Press Release | Oct. 2, 2024

NSA joins Australian Signals Directorate and Others in Promoting Six Principles of Operational Technology (OT) Cybersecurity

FORT MEADE, Md. – The National Security Agency (NSA) is joining the Australian Signals Directorate’s Australian Cyber Security Centre (ASD ACSC) and others to release the Cybersecurity Information Sheet (CSI), “Principles of Operational Technology Cyber Security,” to promote six principles that guide the creation and maintenance of a safe, secure critical infrastructure operational technology (OT) environment. The purpose of the guidance is to enhance cybersecurity methods to ensure the protection of critical infrastructure including water, energy, transportation, and other systems. 

The CSI outlines six principles:

  1. Safety is paramount.
  2. Knowledge of the business is crucial.
  3. OT data is extremely valuable and needs to be protected.
  4. Segment and segregate OT from all other networks.
  5. The supply chain must be secure.
  6. People are essential for OT cybersecurity.

The CSI explains why each principle is critical while illustrating examples, implications, and questions to consider.

“Public safety and strengthening our cybersecurity posture are at the heart of this particular CSI,” according to Dave Luber, NSA Cybersecurity Director. “The six principles of operational technology cybersecurity explored in this CSI are vitally important to anyone wanting to strengthen their cybersecurity posture and especially important for those who work in an operational technology environment supporting our nation’s critical systems.”

The co-sealing agencies on this CSI are the Australian Signals Directorate’s Cyber Security Centre (ASD’s ACSC), National Security Agency (NSA), U.S. Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigations (FBI), Multi-State Information Sharing and Analysis Center (MS-ISAC), United Kingdom National Cyber Security Center (NCSC-UK), Canadian Centre for Cyber Security (CCCS), New Zealand’s National Cyber Security Centre (NCSC-NZ), Germany’s Federal Office for Information Security (BSI Germany), the Netherlands’ National Cyber Security Center (NCSC-Netherlands), Japan’s National Center of Incident Readiness and Strategy for Cybersecurity (NISC) and National Police Agency (NPA), and the Republic of Korea’s National Intelligence Service (NIS) and NIS’ National Cyber Security Center (NCSC).

Read the full report here.
 
Visit our full library for more cybersecurity information and technical guidance.
 


NSA Media Relations
MediaRelations@nsa.gov
443-634-0721