The NCSC’s guidance is aimed at operational technology organisations, particularly those deploying equipment across greenfield and brownfield sites
Operational technology – the infrastructure that controls and manages industrial infrastructure – is seen as highly vulnerable to being targeted, and loss of that infrastructure can be catastrophic to businesses and the wider landscape.
The new guidance encourages those working in OT roles to not only securely map all digital and physical components of the system to establish where risks may arise, but to limit that mapping to essential viewers only.
This definitive record should cover key factors that could put companies at risk, including components, connectivity, system architecture and third-party access to infrastructure, and the potential impact to the business if something was to happen.
Laura Gillespie, a cyber readiness expert with Pinsent Masons, said the advice was essential for companies who might find themselves at risk.
“Operational technology can be a prime target to threat actors, who understand that business operation disruption can escalate very quickly, putting victims under pressure to closely consider the need for threat actor engagement,” she added.
Stuart Davey, a cyber expert at Pinsent Masons with a particular focus on critical national infrastructure (CNI) warned: “While many manufacturing processes increasingly rely on technology-based processes, other sectors and critical national infrastructure are equally at risk. It is crucial potential victims understand how operational technology is mapped, to ensure they are prepared in the event of an attack”.
“With the Cyber Security and Resilience Bill expected by the end of 2025, which will bring greater protections to CNI, the UK is doubling down on efforts to ensure businesses take a proactive approach to cyber security.”