European Union: CISA released guidelines for priority considerations for operational technology owners and operator regarding secure by demand

On 14 January 2025, the Cybersecurity and Infrastructure Security Agency (CISA) adopted the secure-by-demand guidelines aimed at enhancing cybersecurity for operational technology (OT) products. The guidance emphasises the importance of integrating security into the procurement process for OT products, particularly in industrial automation and control systems. The guidelines outline security elements that OT owners and operators should consider when selecting products. The security elements include secure by default configurations, strong authentication, and vulnerability management to mitigate risks posed by cyber threat actors targeting OT products. The guidelines were developed in collaboration with international partners, including the US National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and the European Commission’s Directorate General for Communications Networks, Content and Technology (DG CONNECT).