Principles of Operational Technology Cyber Security

This publication defines principles for operational technology (OT) cyber security and best practices to mitigate cyber threats. It was developed by the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) in cooperation with the following international partners: 

• United States (US) Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and Multi-State Information Sharing and Analysis Center (MS-ISAC).
• United Kingdom’s National Cyber Security Centre (NCSC-UK).
• Canadian Centre for Cyber Security (CCCS), a part of the Communications Security Establishment (CSE).
• New Zealand National Cyber Security Centre (NCSC-NZ).
• Germany’s Federal Office for Information Security (BSI Germany).
• Netherlands’ National Cyber Security Centre (NCSC-NL).
• Japan’s National Center of Incident Readiness and Strategy for Cybersecurity (NISC) and National Police Agency (NPA).
• Republic of Korea’s National Intelligence Service (NIS) and NIS’ National Cyber Security Center (NCSC).

This document is designed to assist organizations making decisions for designing, implementing, and managing OT environments to ensure they are safe and secure, as well as enable business continuity for critical services. The guidance is of moderate technical complexity and assumes a basic understanding of OT cyber security.