Primary Mitigations to Reduce Cyber Threats to Operational Technology

The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the Environmental Protection Agency (EPA), and the Department of Energy (DOE)—hereafter referred to as “the authoring organizations”—are aware of cyber incidents affecting the operational technology (OT) and industrial control systems (ICS) of critical infrastructure entities in the United States. The authoring organizations urge critical infrastructure entities to review and act now to improve their cybersecurity posture against cyber threat activities specifically and intentionally targeting internet-connected OT and ICS.

The authoring organizations recommend critical infrastructure asset owners and operators implement the mitigations found in their Fact Sheet to defend against OT cyber threats. Additionally, CISA recommends critical infrastructure organizations review and implement, if possible, the listed resources to enhance their security posture.