Threat actors are successfully targeting particular operational technology (OT) products, rather than specific organisations, when compromising OT components. Many OT products are not designed and developed with Secure-by-Design principles and commonly have weaknesses. Threat actors can easily exploit these weaknesses across multiple victims and sectors of critical infrastructure to gain access to control systems.
To help reduce the potential damage from these types of attacks, in collaboration with our international partners, we have released a new publication: Secure by Demand: Priority considerations for operational technology owners and operators when selecting digital products.
This publication highlights the key security elements organisations should look for when selecting OT products, particularly industrial automation and control system products. For more details and guidance on questions to ask manufacturers and why these considerations are important, read the full publication.