The Cybersecurity and Infrastructure Security Agency has released a new guide aimed at helping critical infrastructure operators adopt more secure operational technology, or OT, communications and reduce barriers to implementation.
As agencies like CISA advance cybersecurity initiatives, Potomac Officers Club’s 2026 Cyber Summit on May 21 will bring together government and industry leaders to assess progress and chart the path forward. Secure your seat today.
Table of Contents
What Is the Focus of CISA’s New Guide?
The agency said Wednesday the guide, titled Barriers to Secure OT Communications: Why Johnny Can’t Authenticate, outlines challenges preventing widespread adoption of secure industrial protocols. Developed through interviews with stakeholders across water, transportation, chemical, energy and food sectors, the document examines why many operators continue using legacy protocols that lack authentication and message integrity protections.
What Actions Does CISA Recommend?
The guidance outlines practical steps to overcome procurement, deployment and sustainment challenges, as well as latency and bandwidth constraints, inspection limitations caused by encryption and interoperability issues with legacy systems. It encourages prioritizing secure communication features when acquiring new equipment and calls on manufacturers to reduce usability friction in product design. The document builds on CISA’s prior “Secure by Demand” guidance and aims to support long-term enhancements in OT cybersecurity practices.
According to CISA Acting Director Madhu Gottumukkala, adopting secure communications in OT environments is a long-term effort that involves complexity, cost and risk.
“Over the past year, CISA conducted customer-led research to create this secure communication guide. CISA encourages asset owners and operators, system integrators, service providers, and OT manufacturers to review this guide and collaborate together to implement secure communication,” said Gottumukkala, who spoke at Potomac Officers Club’s 2025 Homeland Security Summit in the fall.
Why Is Secure OT Communication a Priority?
Insecure communication allows threat actors to impersonate devices or alter messages in transit to OT devices. Adoption of secure versions of industrial protocols, which have been available for more than 20 years, has been limited due to technical, operational and cost-related barriers within the control systems community.
Related Federal OT Cybersecurity Efforts
CISA’s guidance follows a series of recent OT security initiatives, including joint Secure Connectivity Principles issued with the UK’s National Cyber Security Centre, the National Institute of Standards and Technology’s draft update to Guide to Operational Technology (OT) Security and the Department of War’s new Zero Trust for Operational Technology guidance.
