Security Staff Acquisition & Development, DevSecOps, Critical Infrastructure Security

Federal open source software cybersecurity guidance for OT, ICS unveiled

Share

Newly developed cybersecurity guidelines from the U.S. Department of Treasury, Cybersecurity and Infrastructure Security Agency, National Security Agency, and the FBI tackling open source software usage in industrial control systems and operational technology environments have recommended not only up-to-date patches and security updates for all OT and IT systems but also the application of "secure-by-design" and "secure-by-default" philosophies in software development, reports SecurityWeek. Attempted exploitation of software updates to compromise the OT supply chain should also prompt increased verifiability and transparency, according to the joint guidance. "A reliable software supply chain for an OT system with OSS components provides assurance the system will behave as intended at the time of acquisition and that all OSS components have been appropriately vetted prior to use. This is also true for software supply chain information in general," wrote the agencies, which also urged the advancement of vulnerability management and reporting, as well as strengthened authentication and authorization policies for the OT/ICS industry.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.