The Cybersecurity and Infrastructure Security Agency’s (CISA) new guidance, released on Aug. 13 for critical infrastructure owners and operators to improve the security of their operational technology (OT), focuses on creating and maintaining comprehensive OT asset inventories and taxonomies.
The new guidance was developed by CISA, the FBI, the National Security Agency, and security agencies from several U.S. allied nations.
The guidance, CISA said, aims to help “organizations effectively identify and secure their most vital assets, reduce the risk of cybersecurity incidents, and ensure the continuity of their mission and services.”
“OT systems are essential to the daily lives of all Americans and to national security,” said CISA Acting Director Madhu Gottumukkala.
“They power everything from water systems and energy grids to manufacturing and transportation networks,” the director said. “As cyber threats continue to evolve, CISA through this guidance provides deeper visibility into OT assets as a critical first step in reducing risk and ensuring operational resilience.”
“Operational technology is foundational to the operations of the nation’s critical infrastructure,” added Chris Butera, who is the acting executive assistant director for cybersecurity at CISA. “Securing operational technology and industrial control systems has been a priority for CISA for many years and remains a priority into the future.”
“All organizations are encouraged to review the guidance to understand how to build and maintain OT asset inventories and implement the recommended actions,” CISA said. “These practices align with the Cross-Sector Cybersecurity Performance Goals and can help organizations improve their cybersecurity posture and reduce the risk of compromise in operational environments.”