TLDR;

• CISA, FBI, and international partners released new guidance to reduce cyber risks in operational technology (OT).
• The guidance focuses on securing OT connectivity as systems become more interconnected.
• The guide encourages OT vendors and integrators to adopt secure-by-design practices.
• Aims to protect critical infrastructure from advanced and nation-state cyber threats.

CISA and FBI Introduce New Guidance to Address Cyber Risks in OT Environments

Strategic Guide for Operational Technology to Design, Implement and Sustain Secure Connectivity

In January 2026, the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), United Kingdom’s National Cyber Security Centre (NCSC-UK),  and international partners released Secure Connectivity Principles for Operational Technology. This joint guidance, led by NCSC-UK, helps organizations mitigate exposed and insecure connectivity and protect networks from highly capable and opportunistic cyber threat actors, including nation state-sponsored actors.

Balancing Operational Efficiency With Cyber Risk

Operational Technology (OT) network environments are increasingly interconnected, delivering benefits like real-time analytics, remote monitoring and predictive maintenance. However, this connectivity also heightens the risk to cyber intrusions that could cause physical harm, environmental damage, or disrupt essential services. This guide offers owners and operators a framework with clear goals for designing secure connectivity into their environments.

“This guide underscore’s CISA’s unwavering commitment to working hand-in-hand with U.S. and international partners to provide timely, actionable cybersecurity guidance” said Nick Anderson, CISA’s Executive Assistant Director for Cybersecurity. “By providing OT organizations with practical steps to design, secure, and manage connectivity in OT environments, we help defend critical infrastructure against malicious and state-sponsored cyber threats. Together with our partners, CISA also urges OT device manufacturers and integrators to embrace secure-by-design principles because building security in from the start is the most effective way to reduce risk and safeguard the nation’s vital systems.”

Strengthening OT Resilience Through Secure Design

As operational technology systems benefit from greater connectivity and attract more attention from adversaries, it is vital cybersecurity is treated as a foundational requirement that supports physical safety outcomes, uptime and service continuity. “Co-created with international partners and with extensive industry collaboration, the new NCSC guidance offers a clear, practical framework for designing and maintaining secure connectivity, reducing attack surface, and boosting resilience,” said NCSC Chief Technology Officer, Ollie Whitehouse. “We strongly recommend OT practitioners worldwide follow the eight key principles to help make confident, security-led decisions that will safeguard critical services and strengthen trust in connected systems.”

“Operational Technology systems quietly power the essential services Americans rely on every day, making their secure connectivity a matter of national importance,” said FBI Cyber Assistant Director Brett Leatherman. This joint guidance underscores that OT systems face growing threats, making rapid mitigation and shared defenses essential.”

CISA strongly encourages organizations to review this joint guide, assess their OT connectivity, and implement the recommended mitigations to strengthen critical infrastructure defenses against these opportunistic threats.

In addition to NCSC-UK and FBI, the joint guide was developed in collaboration with:

• United Kingdom’s National Cyber Security Centre (NCSC-UK)
• Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC)
• Canadian Centre for Cyber Security (Cyber Centre)
• German Federal Office for Information Security (BSI)
• Netherlands National Cyber Security Centre (NCSC-NL)
• New Zealand National Cyber Security Centre (NCSC-NZ)

The full article can be found on CISA’s website.

Want to learn more about protecting critical infrastructure from cyber threats? Schedule a meeting with our team to see how we can help.