A Summary of the ACSC’s Guidance for Operational Technology

By Published On: 16 October 2024Categories: Corporate Governance, Security, Tech & Data

Many of us are familiar with the linkages between Critical […]

Share This Article:

Many of us are familiar with the linkages between Critical Infrastructure, Operational Technologies (OT) and the normal operation of society. The thought of being without power, water or transport is more than an inconvenience.

Time and time again, we hear about key systems and their cyber threats causing issues, and this is increasing year on year. Locally, the Australian Cyber Security Centre (ACSC) has released updated guidance which has six principles that can assist with securing these environments.

  1. Safety is Paramount

Without question, the safety aspects of OT systems remains a key focus. Protecting the processes that prevent adverse safety impacts on people or the environment, at either a small or large scale, means that potential hazards need to be identified and mitigated proactively as a priority.

  1. Knowledge of the Business is Crucial

Understanding what business you’re in is also critical in managing its cyber security effectively. Are you focusing on unrelated aspects, perhaps in the corporate space whilst the critical systems are being neglected? This principle focuses on knowing the business processes and how the unique requirements will allow you to develop specific strategies to protect mission critical assets.

  1. OT Data is Extremely Valuable and Needs to be Protected

Data that relates to operational technology should be considered a critical asset. This means that controls and processes around the use and dissemination of this data should comply with key controls, such as encryption, access controls and monitoring. Think about the consequences of key data such as designs and technical information being made public. What kind of risks would this bring to the asset?

  1. Segment and Segregate OT from All Other Networks

In line with other well-known industry standards, such as IEC 62443, the segmentation and segregation of OT systems from all other networks is a key design element to reduce the attack surface and make the access to OT zones more isolated. While limiting the blast radius of any incursion, this should be backed up by monitoring of the traffic conduits between zones and will allow for a more targeted response if a zone is compromised.

  1. The Supply Chain Must be Secure

The focus on securing the supply chain is often overlooked, from suppliers to technology, and even at the component level. The ongoing monitoring of risks and vulnerabilities ensures that the trust placed in suppliers and equipment can be further assured and risks mitigated.

  1. People are Essential for OT Cyber Security

The human element plays a key role in securing OT environments. Are your people trained and skilled in the specific disciplines to address the threat? Awareness and training that is tailored to the advanced cyber threats that will target the function will allow people to have the right context when referencing OT cyber threats.

Conclusion

This recent release by the ACSC is a welcome update. The focus on safety, asset function, structural design of the supporting network, supply chain and people aspects provide a well rounded approach.

This summary provides a simple overview of the ACSC release. For more information on how Anchoram Consulting can provide comprehensive expertise in securing OT environments please contact us.

Many of us are familiar with the linkages between Critical […]

By Published On: 16 October 2024Categories: Corporate Governance, Security, Tech & Data

Share This Article:

Categories

Subscribe

Subscribe to our newsletter and get the latest news and information from Anchoram.

View by Author

Most Recent Articles

Author Profiles