NSA publishes recommendations for smart controller security controls and technical requirements for OT environments.
The National Security Agency released a cybersecurity technical report to share recommendations for security policies and technical requirements for operational technology (OT) smart controller devices installed in national security systems.
The report, which primarily focuses on identifying inadequately addressed security controls for smart controllers, says that although it is tailored to national security systems OT cybersecurity, those in the public and private sector can also use their OT devices to meet the outlined requirements to improve their cybersecurity infrastructure.
“Network and internet-connected OT devices are ubiquitous in health care too—everything from building automation systems to badge readers on doors and life-safety systems,” says Scott Gee, American Hospital Association deputy national advisor for cybersecurity and risk, in a release. “We, as a sector, need to pay close attention to OT security as well.”
Rising Threats Target OT Smart Controllers
The growing convergence of IT and OT systems, along with the advanced cyber capabilities of our adversaries, have introduced new threats to OT environments. These threats increase the risk of cyber incidents that could disrupt critical missions, endanger public safety, and cause financial harm.
This increased risk is a notable concern for smart controllers, intelligent OT embedded devices with enhanced capabilities normally associated with IT network devices, which are potential high-value targets for adversaries.
NSA Outlines Baseline Requirements for Smart Controllers
The report, “Operational Technology Assurance Partnership: Smart Controller Security within National Security Systems,” provides the first steps in developing minimum security requirements for smart controllers within national security systems that align with the moderate-moderate-moderate (M-M-M) National Institute of Standards and Technology (NIST) countermeasures baseline. It also includes an analytical comparison of NIST security controls and existing International Society of Automation technical requirements for OT devices.
The analysis’ findings identify inadequately addressed security controls and outline future requirements to fill these gaps.
The findings of the study will be submitted to the International Society of Automation standards committee for consideration toward future updates to ISA-62443-4-2. ISA-62443-4-2 outlines cybersecurity technical requirements for the components in industrial automations and control systems.
ID 154742479 © Pop Nukoonrat | Dreamstime.com
Related Read:
