PRESS RELEASE

Today, CISA — along with U.S. and international partners — released joint guidance titled "Secure by Demand: Priority Considerations for Operational Technology Owners and Operators when Selecting Digital Products." As part of CISA’s Secure by Demand series, this guidance focuses on helping customers identify manufacturers dedicated to continuous improvement and achieving a better cost balance, as well as how Operational Technology (OT) owners and operators should integrate secure by design elements into their procurement process.

Cybersecurity Threats to Critical Infrastructure and Industrial Control Systems

Critical infrastructure and industrial control systems are prime targets for cyberattacks. The authoring agencies warn that threat actors, when compromising OT components, target specific OT products rather than specific organizations. Many OT products are not designed and developed with Secure by Design principles and often have easily exploited weaknesses. When procuring products, OT owners and operators should select products from manufacturers who prioritize security elements identified in this guidance.

Additional Resources

For more information on questions to consider during procurement discussions, see CISA’s "Secure by Demand Guide: How Software Customers Can Drive a Secure Technology Ecosystem." To learn more about secure by design principles and practices, visit CISA’s "Secure by Design" webpage.

Secure by Demand Guidance

The joint guidance released by CISA and its partners provides critical information for OT owners and operators to make informed decisions when selecting digital products. By following the guidance, customers can help ensure that their operational technology is secure and resilient against cyber threats.

Secure by Design Principles and Practices

CISA’s "Secure by Design" webpage offers a wealth of information on secure by design principles and practices. This webpage provides valuable resources and guidance for OT owners and operators looking to implement secure by design elements into their procurement process.

Secure by Demand Guide

The "Secure by Demand Guide: How Software Customers Can Drive a Secure Technology Ecosystem" provides additional information on questions to consider during procurement discussions. This guide helps OT owners and operators make informed decisions when selecting digital products and ensures that their operational technology is secure and resilient against cyber threats.