Security Magazine logo
  • Sign In
  • Create Account
  • Sign Out
  • My Account
  • NEWS
  • MANAGEMENT
  • PHYSICAL
  • CYBER
  • BLOG
  • COLUMNS
  • EXCLUSIVES
  • SECTORS
  • EVENTS
  • MEDIA
  • MORE
  • EMAG
  • SIGN UP!
cart
facebook twitter linkedin youtube
  • NEWS
  • Security Newswire
  • Technologies & Solutions
  • MANAGEMENT
  • Leadership Management
  • Enterprise Services
  • Security Education & Training
  • Logical Security
  • Security & Business Resilience
  • Profiles in Excellence
  • PHYSICAL
  • Access Management
  • Fire & Life Safety
  • Identity Management
  • Physical Security
  • Video Surveillance
  • Case Studies (Physical)
  • CYBER
  • Cybersecurity News
  • More
  • COLUMNS
  • Cyber Tactics
  • Leadership & Management
  • Security Talk
  • Career Intelligence
  • Leader to Leader
  • Cybersecurity Education & Training
  • EXCLUSIVES
  • Annual Guarding Report
  • Most Influential People in Security
  • The Security Benchmark Report
  • Top Guard and Security Officer Companies
  • Top Cybersecurity Leaders
  • Women in Security
  • SECTORS
  • Arenas / Stadiums / Leagues / Entertainment
  • Banking/Finance/Insurance
  • Construction, Real Estate, Property Management
  • Education: K-12
  • Education: University
  • Government: Federal, State and Local
  • Hospitality & Casinos
  • Hospitals & Medical Centers
  • Infrastructure:Electric,Gas & Water
  • Ports: Sea, Land, & Air
  • Retail/Restaurants/Convenience
  • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
  • Industry Events
  • Webinars
  • Solutions by Sector
  • Security 500 Conference
  • MEDIA
  • Videos
  • Podcasts
  • Polls
  • Photo Galleries
  • Videos
  • Cybersecurity & Geopolitical Discussion
  • Ask Me Anything (AMA) Series
  • MORE
  • Call for Entries
  • Classifieds & Job Listings
  • Continuing Education
  • Newsletter
  • Sponsor Insights
  • Store
  • White Papers
  • EMAG
  • eMagazine
  • This Month's Content
  • Advertise
Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementSecurity NewswireCybersecurity News

NSA releases cybersecurity advisory on ensuring security of operational technology

operational technology freepik

<a href='https://www.freepik.com/vectors/background'>Background vector created by rawpixel.com - www.freepik.com</a>

May 4, 2021

The National Security Agency (NSA) released the Cybersecurity Advisory, “Stop Malicious Cyber Activity Against Connected Operational Technology” , for National Security System (NSS), Department of Defense (DoD), and Defense Industrial Base (DIB) operational technology (OT) owners and operators. The CSA details how to evaluate risks to systems and improve the security of connections between OT and enterprise networks. Information technology (IT) exploitation can serve as a pivot point for OT exploitation, so carefully evaluating the risk of connectivity between IT and OT systems is necessary to ensure unique cybersecurity requirements are met.

Each IT-OT connection increases the potential attack surface. To prevent dangerous results from OT exploitation, OT operators and IT system administrators should ensure only the most imperative IT-OT connections are allowed, and that these are hardened to the greatest extent possible. An example of this type of threat includes recent adversarial exploitation of IT management software and its supply chain in the SolarWinds compromise with publicly documented impacts to OT, including U.S. critical infrastructure.

This guidance provides a pragmatic evaluation methodology to assess how to best improve OT and control system cybersecurity for mission success, to include understanding necessary resources for secure systems:

  • First, NSA encourages NSS, DoD, and DIB system owners, operators, and administrators to evaluate the value against risk and costs for enterprise IT to OT connectivity. While the safest OT system is one that is not connected to an IT network, mission critical connectivity may be required at times. Review the connections and disconnect those that are not truly needed to reduce the risk to OT systems and functions.
  • Next, NSA recommends taking steps to improve cybersecurity for OT networks when IT-OT connectivity is mission critical, as appropriate to their unique needs. For IT-OT connections deemed necessary, steps should be taken to mitigate risks of IT-OT exploitation pathways. These mitigations include fully managing all IT-OT connections, limiting access, actively monitoring and logging all access attempts, and cryptographically protecting remote access vectors.

Operational technology includes hardware and software that drives the operations of a given infrastructure environment, from an engine control unit in a modern vehicle to nationwide train transportation networks.

Every IT-OT connection creates an additional vector for potential OT exploitation that could impact and compromise mission and/or production. Performing a comprehensive risk analysis for all IT-OT interconnections and only allowing mission critical interconnections when they are properly protected will create an improved cybersecurity posture. By employing an appropriate risk analysis strategy, leadership and system owners and operators can make informed decisions to better manage OT networks while reducing the threats from and impact of exploitation and destructive cyber effects.

Joseph Carson, chief security scientist and Advisory CISO at ThycoticCentrify, explains, "Attacks targeting critical national infrastructure (CNI) tend to be the work of advanced persistent threat (APT) groups working on behalf of nation states with specific goals. Such high-level adversaries are difficult to defend against as they have the time and resources required to repeatedly test security measures and find gaps, whereas more opportunist criminals in search of profits will opt for soft targets. In addition to facing particularly tenacious attackers, most areas of CNI must also contend with complex network infrastructure that is difficult to secure. Operational Technology (OT), the systems used for managing the heavy industrial equipment common across these sectors, often operates in a very different fashion to traditional IT. Systems have often been designed with a lifespan of decades in mind, and are a poor fit with the fast-moving world of modern IT networks."

Carson adds, "Gaining centralized visibility and management of such a complex environment can be extremely challenging. This limited view creates gaps that can be exploited by threat actors, enabling them to infiltrate the network and move between systems without being detected. The conflicting network architecture also means that standard security measures such as role-based access control (RBAC) and two-factor authentication (2FA) are close to impossible to implement without purpose-built tools. These issues elevate the potential threat of a nation state actor infiltrating the system and causing serious disruption."

Dirk Schrader, Global Vice President at New Net Technologies (NNT), says, "Operational Technology (OT) has for long been seen as ‘this is not IT, why should I bother about it’ from cyber security folks. Neither did the ICS folks. The results are a dangerous mixture of differing languages and focus about what security is. Still, the essential security controls must be placed regardless of one’s perspective on IT and OT cyber security. Whether you prioritize availability (OT) or confidentially (IT), you will need to manage your vulnerabilities and to control unwanted change in order to maintain both."

For more information, review the advisory or visit NSA.gov/cybersecurity-guidance.

KEYWORDS: cyber security information technology national security national security agency operational security risk management

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Cybersecurity
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Security Leadership and Management
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Logical Security
    By: Charles Denyer
Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

Middle East Escalation, Humanitarian Law and Disinformation – Episode 25

Middle East Escalation, Humanitarian Law and Disinformation – Episode 25

The Money Laundering Machine: Inside the global crime epidemic - Episode 24

The Money Laundering Machine: Inside the global crime epidemic - Episode 24

Security’s Top 5 – 2024 Year in Review

Security’s Top 5 – 2024 Year in Review

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Sureview screen
    Sponsored bySureView Systems

    The Evolution of Automation in the Command Center

  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

Popular Stories

Rendered computer with keyboard

16B Login Credentials Exposed in World’s Largest Data Breach

Verizon on phone screen

61M Records Listed for Sale Online, Allegedly Belong to Verizon

Security camera

40,000 IoT Security Cameras Are Exposed Online

Security’s 2025 Women in Security

Security’s 2025 Women in Security

Red spiderweb

From Retail to Insurance, Scattered Spider Changes Targets

2025 Security Benchmark banner

Events

July 17, 2025

Tech in the Jungle: Leveraging Surveillance, Access Control, and Technology in Unique Environments

What do zebras, school groups and high-tech surveillance have in common? They're all part of a day’s work for the security team at the Toledo Zoo.

August 7, 2025

Threats to the Energy Sector: Implications for Corporate and National Security

The energy sector has found itself in the crosshairs of virtually every bad actor on the global stage.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • keys-cyber-enews

    NSA releases advisory on Chinese state-sponsored actors exploiting publicly known vulnerabilities

    See More
  • data breach

    CISA releases joint cybersecurity advisory on exploitation of Accellion file transfer appliance

    See More
  • energy_criticalinfrastructure

    NIST Releases Cybersecurity Guide for Energy Sector to Improve Operational Technology

    See More

Related Products

See More Products
  • 9780367221942.jpg

    From Visual Surveillance to Internet of Things: Technology and Applications

  • 9780367259044.jpg

    Understanding Homeland Security: Foundations of Security Policy

  • 9780815378068.jpg.jpg

    Biometrics, Crime and Security

See More Products
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing

Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!