The National Security Agency has recommended security policies and technical requirements for smart controller devices installed for operational technology in national security systems, or NSS. The recommendations address new risks from the rising combination of IT and OT systems, as well as growing adversarial cyberthreats, NSA said Wednesday.
Table of Contents
Vulnerable Cyberattack Targets
Smart controllers typically integrated within IT network systems are high-value cyberattack targets vulnerable to adversaries, the agency noted in its cybersecurity technical report titled “Operational Technology Assurance Partnership: Smart Controller Security within National Security Systems.”
Threats on OT systems and devices can simulate IT network vulnerabilities, the agency explained. It pointed out that vulnerability is higher on legacy OT systems, as they lack security by default, and there are vulnerabilities as well in the IT infrastructure integrated into them.
Testing and Updates as Shields
The recommendations in the 57-page report include regular administrator testing and updating of all NSS OT firmware and software, including host, embedded and network devices. The NSA report also urges controls on system components or devices with wireless capabilities to ensure that a switch or a default mode can disable the wireless interface.
As a further guidance, the report provides analytical comparison of National Institute of Standards and Technology security controls and current International Society of Automation technical requirements for OT devices.
Parallel Cyber Guardrails
According to NSA, the study was also conducted to help develop the Operational Technology Assurance Partnership, a pilot for the cybersecurity testing process of NSS OT components. Additionally, the study’s findings will be submitted to the U.S. Army’s Intelligence Support Activity standards committee for consideration on future cybersecurity technical requirement updates for the components in industrial automations and control systems.
In February, NSA also released three cybersecurity information sheets outlining critical mitigation strategies to safeguard organizations’ edge device systems, including firewalls, routers and virtual private network gateways.
Related Articles
The Office of the Director of National Intelligence has appointed Tidal “Ty” McCoy II, most recently a principal at Nexfed, as intelligence community chief financial officer. McCoy announced his appointment at ODNI in a LinkedIn post published Tuesday. Hear experts discuss the latest tech advancements, trends and opportunities facing the IC at the Potomac Officers Club’s 2025 Intel Summit on Oct. 2. Reserve your spot now! Who Is Tidal McCoy? In 2022, McCoy joined strategy consulting firm Nextfed as a vice president. At Nexfed, he led the firm’s intelligence and acquisition strategy practice and played a key role in mergers
The National Science Foundation has launched an initiative to invest up to $100 million in a national network of artificial intelligence-enabled programmable cloud laboratories as part of efforts to advance automated science and engineering and drive discoveries and innovation. NSF said Tuesday the Directorate for Technology, Innovation and Partnerships, or TIP, will lead the NSF Test Bed: Toward a Network of Programmable Cloud Laboratories, or NSF PCL Test Bed. “The idea of a national network of programmable cloud laboratories builds on NSF’s longstanding legacy of transformative investments — such as NSFNET decades ago — that paved the way for the modern
Sens. Jeanne Shaheen, D-N.H.; Maggie Hassan, D-N.H.; Susan Collins, R-Maine; and Angus King, I-Maine have proposed legislation that would spare the Navy’s four public shipyards from workforce reductions. Called the Protecting Public Naval Shipyards Act, the bipartisan bill tells the Department of Defense to exempt certain positions at public shipyards from hiring freezes and layoffs to ensure that nuclear-powered submarine maintenance and overhaul are uninterrupted. “This bipartisan bill will ensure that important naval operations continue without disruption by exempting public shipyard employees from the chaotic mass firings, workforce reductions, and hiring freezes directed by the Trump Administration,” said Hassan. Top