Executive Summary
- What’s new: U.S., U.K. and other international partners have issued new joint guidance for operational technology owners and operators, providing a road map for better understanding and securing OT systems through a “definitive record” of assets.
- Why it matters: The joint guidance, together with the EU’s NIS2 Directive, highlights a converging international approach to OT cybersecurity, emphasizing asset transparency, third-party risk accountability and operational resilience for organizations with interconnected digital and physical systems.
- What to do next: Organizations should consider developing asset-mapping and inventorying capabilities, implementing an OT information security management program, establishing third-party risk management policies and reviewing network security measures to align with the new guidance and evolving regulatory expectations.
__________
The United States’ Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI), in collaboration with the United Kingdom’s National Cyber Security Centre and other international partners, have issued new joint guidance for operational…
