Securing Your OT Future: CISA’s guide to Choosing the Right Digital Products

Published On: 20 January 2025

We all know how connected our world is now; however, this connectivity isn’t seen by the normal punter until a critical service is no longer available. Being connected allows for so much opportunity, but it also poses risk.

This month, the Cybersecurity and Infrastructure Security Agency (CISA), in conjunction with international partners including the Australian Signals Directorate (ASD), released ‘Secure by Demand: Priority Considerations for Operational Technology Owners and Operators when Selecting Digital Products.’

The guide helps Operational Technology (OT) system owners and operators focus on security when evaluating and selecting digital products. It reinforces the well-known ‘Secure by Design’ and ‘Secure by Default’ approaches, which treat security as inherent throughout the product lifecycle.

Here are some Key Takeaways:

Ensure security is involved: Security should be engaged as early as possible in the procurement process, as this will lead to a better and more secure outcome.

Understand your needs: Define the security requirements and understand the risk tolerances. Taking a risk-led approach ensures that high-risk approaches and products are excluded. This approach also ensures alignment with your operational risk tolerances.

Ask the right questions: Refer to the guides listing the critical questions to ask vendors about their security practices, including Secure Development Practices, Vulnerability Management, Data Protection, and Configuration Management. OT vendors should be expecting these questions and should provide detail as to how they meet these requirements.

Consider the entire product lifecycle: The security lifecycle should be aligned with the product lifecycle, and security should be continually evaluated with each material change. This covers all phases, including maintenance, upgrades and eventual decommissioning.

Build strong vendor relationships: Be transparent with vendors about your security expectations. Focus on partnerships and ensure a regular dialogue on security issues is maintained.

What benefits does a ‘Secure by Demand’ approach bring?

Reduced cyber risk: Choosing products with strong security features can lower the chances of a security incident.

Improved operational resilience: Secure OT systems are less likely to experience disruptions, leading to better operational performance and less downtime.

Enhanced compliance: This framework can help you meet the rules and guidelines set by regulators and industry standards.

Increased trust and confidence: By showing a commitment to cybersecurity, you can build trust with your stakeholders, your customers and the public.

Conclusion: The ‘Secure by Demand’ guide is a valuable tool for organisations wanting to improve the security of their OT environments. Anchoram Consulting welcomes these releases from CISA and partners, including the ASD.

By following these recommendations, those who own and operate OT systems can make better decisions about the digital products they choose, ultimately improving their ability to withstand cyber attacks and protect their critical operations.

For more information on how Anchoram Consulting can help you secure your OT environment and mitigate cyber risks, contact us today. Our team of experts can provide guidance on implementing robust security measures, selecting secure products and enhancing your overall cyber resilience.
