TLDR;
In January 2026, the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), United Kingdom’s National Cyber Security Centre (NCSC-UK), and international partners released Secure Connectivity Principles for Operational Technology. This joint guidance, led by NCSC-UK, helps organizations mitigate exposed and insecure connectivity and protect networks from highly capable and opportunistic cyber threat actors, including nation state-sponsored actors.
Operational Technology (OT) network environments are increasingly interconnected, delivering benefits like real-time analytics, remote monitoring and predictive maintenance. However, this connectivity also heightens the risk to cyber intrusions that could cause physical harm, environmental damage, or disrupt essential services. This guide offers owners and operators a framework with clear goals for designing secure connectivity into their environments.
“This guide underscore’s CISA’s unwavering commitment to working hand-in-hand with U.S. and international partners to provide timely, actionable cybersecurity guidance” said Nick Anderson, CISA’s Executive Assistant Director for Cybersecurity. “By providing OT organizations with practical steps to design, secure, and manage connectivity in OT environments, we help defend critical infrastructure against malicious and state-sponsored cyber threats. Together with our partners, CISA also urges OT device manufacturers and integrators to embrace secure-by-design principles because building security in from the start is the most effective way to reduce risk and safeguard the nation’s vital systems.”
As operational technology systems benefit from greater connectivity and attract more attention from adversaries, it is vital cybersecurity is treated as a foundational requirement that supports physical safety outcomes, uptime and service continuity. “Co-created with international partners and with extensive industry collaboration, the new NCSC guidance offers a clear, practical framework for designing and maintaining secure connectivity, reducing attack surface, and boosting resilience,” said NCSC Chief Technology Officer, Ollie Whitehouse. “We strongly recommend OT practitioners worldwide follow the eight key principles to help make confident, security-led decisions that will safeguard critical services and strengthen trust in connected systems.”
“Operational Technology systems quietly power the essential services Americans rely on every day, making their secure connectivity a matter of national importance,” said FBI Cyber Assistant Director Brett Leatherman. This joint guidance underscores that OT systems face growing threats, making rapid mitigation and shared defenses essential.”
CISA strongly encourages organizations to review this joint guide, assess their OT connectivity, and implement the recommended mitigations to strengthen critical infrastructure defenses against these opportunistic threats.
In addition to NCSC-UK and FBI, the joint guide was developed in collaboration with:
The full article can be found on CISA’s website.
Want to learn more about protecting critical infrastructure from cyber threats? Schedule a meeting with our team to see how we can help.
Enter your email to get the latest news, updates,
and content on cybersecurity.
