Western Cyber Agencies Release Secure Connectivity Principles for Operational Technology
CISA, the UK NCSC, and multiple international partners released Secure Connectivity Principles for Operational Technology (OT) guidance aimed at reducing risk created by increased connectivity into industrial environments (e.g., industrial control systems, sensors, and other critical services). The guidance is positioned for operators of essential services facing business and regulatory pressure to enable remote monitoring and management, and it emphasizes that formerly air-gapped OT is now more exposed due to expanded remote access and IT/OT convergence.
The guidance highlights that insecure or exposed OT connectivity is being targeted by a broad range of adversaries, including ransomware groups, state-backed actors, and pro-Russia hacktivists conducting opportunistic attacks against global critical infrastructure. Recommended defensive themes include network segmentation, strong authentication, continuous monitoring, and minimizing remote access paths to prevent disruptive incidents with potential real-world safety and service-delivery impacts; CISA also solicited stakeholder feedback via a product survey. Separate opinion pieces discussing AI in critical infrastructure and power redundancy risks in OT, and an industry roundup of Chinese cybersecurity companies, do not provide additional reporting on this specific guidance release.
Related Stories

Critical Infrastructure Cybersecurity Guidance and Architecture to Reduce Telecom and OT Attack Surfaces
A virtual briefing hosted by the Institute for Critical Infrastructure Technology (ICIT) argued that **telecom networks’ “crown jewels”**—including signaling pathways and subscriber identity/metadata—remain high-value targets, and that traditional perimeter defenses are insufficient against advanced adversaries. The session cited activity associated with China-linked threat actors **Salt Typhoon** and **Volt Typhoon** as illustrative of systemic telecom weaknesses, and promoted *privacy-first mobile-carrier* design choices (e.g., minimizing exposed identifiers and reducing the long-term value of compromised data) as concrete controls to reduce attack surface and limit blast radius. Separately, the U.K. **National Cyber Security Centre (NCSC)**, working with **CISA**, the **FBI**, and other international partners, released guidance titled **“Secure Connectivity Principles for Operational Technology”** aimed at reducing exposed and insecure connectivity in OT environments, including nuclear-sector contexts. The guidance outlines **eight foundational principles** intended to help organizations protect OT networks from highly capable and opportunistic actors, including **nation-state** threats, against a backdrop of accelerating IT/OT convergence and increasing rates of OT/ICS-impacting incidents reported across critical infrastructure.
1 month ago
Rising Risk of State-Linked Attacks on Power Grids and Operational Technology
Reporting highlighted growing concern that **state-affiliated and state-linked actors** are positioning for disruptive attacks against **operational technology (OT)** and critical infrastructure, with activity that may be difficult for operators to detect. A Codific analysis described five common pathways seen in disruptive grid-focused intrusions—often beginning with **human error or exposed perimeter services**, then escalating through **credential theft**, **remote access exploitation** (e.g., VPNs/gateways), **ransomware**, and misuse of **legitimate industrial commands** that can delay operations and complicate detection and recovery; it also warned that attacks on virtualized environments can hinder restoration efforts and that cascading impacts could be severe (e.g., Lloyd’s “Business Blackout” scenario estimating losses up to **$1T**). Recommended mitigations emphasized proven controls such as **phishing-resistant MFA** and **IT/OT segmentation**, rather than novel defenses. Separate commentary and media content also pointed to OT becoming a frontline in geopolitical escalation, including claims of a coordinated campaign tied to Iran-linked hacktivist activity targeting OT devices such as **Unitronics PLCs** used in water and industrial facilities, alongside psychological operations and SMS spoofing. Other items in the set were leadership/career/podcast-style content without specific incident or vulnerability detail and do not materially add to the OT/power-grid threat reporting.
1 week ago
Rising OT Threat From Credential Abuse and 'Living-off-the-Plant' Techniques
Security reporting and expert commentary warn that **operational technology (OT)** environments remain highly exposed due to fragile access controls and that attacker capability is trending toward more dangerous, process-aware operations. Lessons drawn from the 2015 **Ukraine power grid** disruption emphasize that remote connectivity, vendor access, and broad VPN permissions can become the “soft underbelly” of critical infrastructure, with recurring real-world examples of disruption tied to **misused remote access and stolen credentials** (including the **Colonial Pipeline** shutdown following a compromised password). The core takeaway is that OT systems are no longer “too specialized” to be targeted, and that common enterprise intrusion paths—credential compromise and remote access abuse—continue to translate into operational impact when they bridge into industrial environments. Separately, OT-focused threat analysis highlights early signs that attackers are gaining the “process comprehension” historically missing from many intrusions into industrial systems. A forthcoming RSA Conference 2026 presentation is expected to demonstrate **“living-off-the-plant”** techniques—analogous to living-off-the-land in IT—where adversaries leverage native industrial tooling and legitimate functions inside plants to blend in and potentially manipulate physical processes. The reporting argues that “security by obscurity” (attackers’ unfamiliarity with bespoke/legacy OT) has limited the severity of many incidents so far, but that this advantage is eroding as adversaries become more comfortable operating within industrial environments, increasing the risk of more consequential OT attacks.
1 month ago