Western cyber agencies issue guidance on cyber risks to industrial sectors

A coalition of several cyber authorities has published joint guidance on managing security risks in industrial operational technology.
Cyberattackers linked to Russia disrupted France’s La Poste with a DDoS attack, blocking parcel tracking and banking services before Christmas while authorities coordinated an international response.

A group of international cybersecurity agencies has released new technical guidance addressing the security of operational technology (OT) used in industrial and critical infrastructure environments.

The guidance, led by the UK’s National Cyber Security Centre (NCSC), provides recommendations for securely connecting industrial control systems, sensors, and other operational equipment that support essential services. The NCSC operates as part of GCHQ, one of the three UK Intelligence and Security Agencies.

Operational technology is widely used across sectors such as energy generation, water treatment, manufacturing, and transportation. While many of these systems were previously isolated from external networks, they are increasingly connected for remote monitoring, maintenance, and performance optimisation. The shift has expanded the number of network interfaces that require protection.

According to the co-authoring agencies, industrial environments are being targeted by a range of actors, including cybercriminal groups and state-linked actors. The guidance references a joint advisory issued in June 2023 on China-linked cyber activity, as well as a more recent advisory from the US Cybersecurity and Infrastructure Security Agency (CISA) that notes opportunistic activity by pro-Russia hacktivist groups affecting critical infrastructure globally.

The document was co-authored by agencies from multiple countries, including the United States, the Netherlands, Germany, and members of the Five Eyes partnership, Australia, Canada, and New Zealand, alongside UK authorities.

In an accompanying statement, NCSC Chief Technology Officer Ollie Whitehouse noted that cybersecurity measures in industrial environments should be integrated into system design and operations to support safety, availability, and service continuity.

The agencies state that the guidance is intended for OT operators, system integrators, and security professionals responsible for designing or maintaining connected industrial systems, and is applicable across sectors and jurisdictions.

The guidance outlines eight technical principles to reduce risk in connected OT environments. These include network segmentation, strong authentication mechanisms, continuous monitoring, and limiting remote access pathways. The agencies note that these measures are intended to reduce the likelihood of disruptive incidents affecting essential services.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!