Threat actors are successfully targeting particular operational technology (OT) products, rather than specific organisations, when compromising OT components. Many OT products are not designed and developed with Secure-by-Design principles and commonly have weaknesses. Threat actors can easily exploit these weaknesses across multiple victims and sectors of critical infrastructure to gain access to control systems.
To help reduce the potential damage from these types of attacks, in collaboration with our international partners, we have released a new publication: Secure by Demand: Priority considerations for operational technology owners and operators when selecting digital products.
This publication highlights the key security elements organisations should look for when selecting OT products, particularly industrial automation and control system products. For more details and guidance on questions to ask manufacturers and why these considerations are important, read the full publication.
Brief
On 14/01/2025, the Australian Cyber Security Centre (ACSC) issued an update regarding New Secure by Demand guidance available for operational technology owners and operators. The publication highlights key security elements organisations should look for when selecting OT products, particularly industrial automation and control system products. This guidance aims to reduce potential damage from attacks targeting OT components, which are often exploited across multiple victims and sectors of critical infrastructure.
Highlights content goes here...
Purpose
The primary objective behind releasing “Secure by Demand: Priority considerations for operational technology owners and operators when selecting digital products” is to provide OT product owners and operators with a comprehensive guide on how to select secure OT products, specifically industrial automation and control system products. This publication aims to mitigate the risk of cyber threats targeting OT components by highlighting key security elements that organisations should look for in OT products.
Effects on Industry
The release of this publication is expected to have significant implications for various industries, including those reliant on critical infrastructure, such as energy, transportation, and healthcare. By prioritising secure OT product selection, these industries can reduce the risk of cyber threats compromising control systems and causing potential damage or disruption. As a result, businesses operating in these sectors may experience improved security posture, reduced downtime, and enhanced reputation.
Relevant Stakeholders
The stakeholders affected by this publication include OT product owners and operators, manufacturers of industrial automation and control system products, and various industries reliant on critical infrastructure. These individuals and organisations will benefit from the guidance provided in the publication, which highlights key security elements to consider when selecting OT products. Additionally, cybersecurity professionals and IT departments within these sectors may also find this publication useful for their efforts to protect against cyber threats.
Next Steps
To comply with or respond to the release of “Secure by Demand,” stakeholders are advised to review the publication’s recommendations on secure OT product selection. This involves considering key security elements when selecting OT products, such as Secure-by-Design principles, and engaging with manufacturers to ask questions about their products’ security features. Furthermore, organisations should update their procurement processes to incorporate these considerations and ensure that they are purchasing OT products that meet their security requirements.
Any Other Relevant Information
The release of “Secure by Demand” is a collaborative effort between international partners, demonstrating the growing recognition of the importance of secure OT product selection in protecting against cyber threats. This publication serves as an essential resource for organisations seeking to strengthen their OT product security posture and reduce the risk of cyber attacks compromising control systems.
