Ethical Hacking News
CISA urges operational technology administrators to prioritize cybersecurity amid rising attacks targeting industrial companies and critical infrastructure. The agency has published foundational guidance for OT cybersecurity, including a new taxonomy-based OT asset inventory, to help organizations effectively identify and secure their most vital assets.
CISA has issued a call to action for OT administrators to enhance their cybersecurity posture. The agency is urging administrators to prioritize OT security due to rising attacks on industrial companies and critical infrastructure in the US. OT systems are increasingly connected, making them vulnerable to cyber threats despite being isolated from the public internet in the past. There was an 87% year-over-year increase in cyberattacks targeting industrial companies in the US in 2024, according to Dragos. CISA is publishing foundational guidance for OT cybersecurity, including a new taxonomy-based OT asset inventory. The agency recommends creating a living inventory of OT technology based on a taxonomic structure to aid in risk identification and vulnerability management. Organizations should create a taxonomic structure, keep a full list of device communication protocols, and prioritize cybersecurity posture to manage OT assets effectively.
CISA, or the Cybersecurity and Infrastructure Security Agency, has issued a call to action for operational technology administrators to take immediate steps to enhance the cybersecurity posture of their environments. In light of the rising number of attacks targeting industrial companies in the US, as well as critical infrastructure, the agency is urging administrators to prioritize OT security.
Operational technology (OT) refers to any technology that deals with physical processes, such as manufacturing equipment, energy distribution, oil and gas production, or other industrial duties. Despite being isolated from the public internet in the past, OT systems are increasingly connected, making them vulnerable to cyber threats. The FBI has noted a spike in attacks targeting critical infrastructure, where OT systems often reside.
According to Security Firm Dragos, there was an 87 percent year-over-year increase in cyberattacks targeting industrial companies in the US in 2024. Malefactors have targeted manufacturing hard, due to its relatively immature OT cybersecurity. The rise in OT attacks has prompted CISA to publish foundational guidance for OT cybersecurity, which includes a new taxonomy-based OT asset inventory.
The agency's recommendation is to create a living inventory of OT technology based on a taxonomic structure, which aids in risk identification, vulnerability management, and incident response by classifying assets based on function and criticality. Examples of suggested asset fields for an inventory include hostnames and IPs, as well as verifying more particular things about an asset, such as where baseline OS images are stored and whether they're up to date.
The joint asset inventory guide is a valuable resource that helps organizations effectively identify and secure their most vital assets, reduce the risk of cybersecurity incidents, and ensure the continuity of their mission and services. CISA Acting Executive Assistant Director for Cybersecurity Chris Butera stated that "operational technology is foundational to the operations of the nation's critical infrastructure."
To best manage OT assets, CISA recommends creating a taxonomic structure, which organizes and prioritizes OT assets, aids in risk identification, vulnerability management, and incident response by classifying assets based on function and criticality. The agency also recommends keeping a full list of a device's supported communication protocols to best track potential exploit pathways.
The rise in OT attacks has prompted CISA to take action, urging organizations to prioritize their cybersecurity posture. The joint asset inventory guide is a valuable resource that helps organizations effectively identify and secure their most vital assets, reduce the risk of cybersecurity incidents, and ensure the continuity of their mission and services.
Related Information:
https://www.ethicalhackingnews.com/articles/CISA-Urges-Operational-Technology-Administrators-to-Prioritize-Cybersecurity-Amid-Rising-Attacks-ehn.shtml
https://go.theregister.com/feed/www.theregister.com/2025/08/14/cisa_begs_ot_admins_to/
Published: Thu Aug 14 13:58:49 2025 by llama3.2 3B Q4_K_M
