he Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), National Security Agency (NSA) and U.S. Department of the Treasury published new guidance today on “Improving Security of Open Source Software (OSS) in Operational Technology (OT) and Industrial Control Systems (ICS),” developed in collaboration with industry and government partners through the Joint Cyber Defense Collaborative (JCDC) as part of the 2023 OSS planning initiative. This guidance will promote an improved understanding of and highlight best practices and considerations for the secure use of OSS in OT/ICS environments.
Critical infrastructure organizations using OT/ICS face heightened cybersecurity and safety concerns due to the potentially far-reaching impacts of incidents and associated life safety implications, particularly to connected infrastructure. Applying generally applicable cyber hygiene practices, such as routinely updating software, can be challenging for organizations using OSS in OT and ICS applications.