Alerts: CISA and US and International Partners Publish Guidance on Priority Considerations in Product Selection for OT Owners and Operators

Source URL: https://www.cisa.gov/news-events/alerts/2025/01/13/cisa-and-us-and-international-partners-publish-guidance-priority-considerations-product-selection-ot
Source: Alerts
Title: CISA and US and International Partners Publish Guidance on Priority Considerations in Product Selection for OT Owners and Operators

Feedly Summary: Today, CISA—along with U.S. and international partners—released joint guidance “Secure by Demand: Priority Considerations for Operational Technology Owners and Operators when Selecting Digital Products.” As part of CISA’s Secure by Demand series, this guidance focuses on helping customers identify manufacturers dedicated to continuous improvement and achieving a better cost balance, as well as how Operational Technology (OT) owners and operators should integrate secure by design elements into their procurement process.
Critical infrastructure and industrial control systems are prime targets for cyberattacks. The authoring agencies warn that threat actors, when compromising OT components, target specific OT products rather than specific organizations. Many OT products are not designed and developed with Secure by Design principles and often have easily exploited weaknesses. When procuring products, OT owners and operators should select products from manufacturers who prioritize security elements identified in this guidance.
For more information on questions to consider during procurement discussions, see CISA’s “Secure by Demand Guide: How Software Customers Can Drive a Secure Technology Ecosystem.” To learn more about secure by design principles and practices, visit Secure by Design.

Summary: The text discusses new guidance issued by CISA and international partners aimed at improving security in Operational Technology (OT) through a Secure by Design approach. This is particularly relevant for security professionals in sectors dealing with critical infrastructure, as it highlights the importance of procurement practices in selecting secure digital products.

Detailed Description:
The guidance titled “Secure by Demand: Priority Considerations for Operational Technology Owners and Operators when Selecting Digital Products” was released by CISA in collaboration with U.S. and international partners. This initiative aims to enhance cybersecurity in Operational Technology (OT), which includes critical infrastructure and industrial control systems that are increasingly targeted by cyberattacks. Here are the key points addressing its significance:

- **Purpose**:
  - To aid operational technology owners and operators in making informed decisions regarding the procurement of digital products with a security focus.
  - To emphasize the importance of choosing manufacturers committed to continuous security improvements.

- **Challenges**:
  - Operational Technology components are frequent targets for cyber adversaries.
  - Many OT products currently lack Secure by Design principles, making them vulnerable to exploitation.
  - Threat actors often focus on specific OT products rather than entire organizations, increasing the need for vigilance in procurement.

- **Recommendations**:
  - OT owners should prioritize selecting products from manufacturers that integrate security considerations into their design and production processes.
  - The guidance encourages implementing Secure by Design elements in the procurement cycle to reduce risks associated with vulnerable OT products.

- **Resources**:
  - CISA provides further information through the “Secure by Demand Guide,” which outlines critical questions for software procurement discussions to help drive a secure technology ecosystem.
  - For additional best practices related to Secure by Design principles, CISA offers dedicated resources and guidance.

This guidance plays a pivotal role in enhancing cybersecurity in OT environments, as it equips professionals with the knowledge needed to critically assess the security posture of potential digital products and suppliers.