
The Cybersecurity and Infrastructure Security Agency (CISA) recently released the guidance "Barriers to Secure OT Communication: Why Johnny Can't Authenticate." It highlights the known issues with insecure-by-design legacy industrial protocols and seeks to understand why the technology to secure these protocols is not widely adopted.
CISA developed this guidance in partnership with operational technology (OT) equipment manufacturers and standards development organizations, interviewing OT asset owners and operators to understand:
- What motivates owners and operators to secure communication, and
- What barriers prevent successful adoption from design through deployment and operations.
Legacy OT protocols lack strong protections against data alteration, device impersonation, and unauthorized access, making critical infrastructure vulnerable to cyber threats. Securing these protocols requires solutions that are practical for current operators as well as cyber experts.
Based on the research conducted, CISA provides recommendations for how owners and operators can avoid the negative experiences of their peers, as well as recommendations to OT manufacturers to drive sustainable, more usable capabilities.
Owners and operators can:
- Learn why message signing is the foundation for secure OT communication and when encryption is essential.
- Discover practical strategies for phased adoption of secure protocols to minimize operational risk.
- Identify which OT communications should be prioritized for enhanced security and resilience.
- Explore ways to simplify secure workflows and key management for easier implementation.
CISA offers manufacturers insight on:
- Customer research to reduce customer friction and deliver more usable, secure products.
- Actionable recommendations to address cost and complexity barriers to secure communication.
- Usability metrics like deployment time and ease of integration, and how they can differentiate manufacturers' solutions and accelerate adoption.
For further details, see the full guidance.




















