New Guidance Calls on OT Operators to Create Continually Updated System Inventory

Cybersecurity agencies in several countries have teamed up to create new guidance for operational technology (OT) organizations, specifically for building and maintaining a definitive view of their architecture.

In mid-August, agencies from the United States, Canada, Australia, New Zealand, the Netherlands, and Germany released asset inventory guidance for OT owners and operators.

Joined by the United Kingdom, these countries have now published a follow-up document that explains how organizations can leverage asset inventories, SBOMs and other data sources to create and maintain definitive records, a collection of continually updated documents that represent an accurate and up-to-date view of their OT systems.

“Establishing a definitive record of your organisation’s OT will allow you to effectively assess risks and implement the proportionate security controls. Rather than focusing solely on individual assets, a holistic approach enables you to consider the broader context which leads to a better assessment of the criticality and ...