Fact Sheet for Organizations Using Open-Source Software

The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), National Security Agency (NSA), and US Department of the Treasury are releasing this Joint Fact Sheet for senior leadership and operations personnel at operational technology (OT) vendors and critical infrastructure facilities. This fact sheet will assist with better management of risk from open source software (OSS) use in OT products and increase resilience using available resources. While several resources and recommendations within this fact sheet are best suited for execution by the vendor or the critical infrastructure owner, collaboration across parties will result in less friction for operator workflows and promote a safer, more reliable system and provision of National Critical Functions. This fact sheet aims to:
- Promote the understanding of OSS and its implementation in OT and industrial control systems (ICS) environments.
- Highlight best practices and considerations for the secure use of OSS in OT.
Critical infrastructure organizations using OSS in OT and ICS face heightened cybersecurity and safety concerns due to the potential far-reaching impacts of incidents and associated life safety implications. Applying generally applicable cyber hygiene practices, such as routinely updating software, can be challenging for organizations using OSS in OT and ICS applications.
All organizations are encouraged to review the Joint Fact Sheet and visit CISA’s new webpage, Securing Open Source Software in Operational Technology, for more information.