The Cybersecurity and Infrastructure Security Agency has released a new guide aimed at helping critical infrastructure operators adopt more secure operational technology, or OT, communications and reduce barriers to implementation.
As agencies like CISA advance cybersecurity initiatives, Potomac Officers Club’s 2026 Cyber Summit on May 21 will bring together government and industry leaders to assess progress and chart the path forward. Secure your seat today.
Table of Contents
What Is the Focus of CISA’s New Guide?
The agency said Wednesday the guide, titled Barriers to Secure OT Communications: Why Johnny Can’t Authenticate, outlines challenges preventing widespread adoption of secure industrial protocols. Developed through interviews with stakeholders across water, transportation, chemical, energy and food sectors, the document examines why many operators continue using legacy protocols that lack authentication and message integrity protections.
What Actions Does CISA Recommend?
The guidance outlines practical steps to overcome procurement, deployment and sustainment challenges, as well as latency and bandwidth constraints, inspection limitations caused by encryption and interoperability issues with legacy systems. It encourages prioritizing secure communication features when acquiring new equipment and calls on manufacturers to reduce usability friction in product design. The document builds on CISA’s prior “Secure by Demand” guidance and aims to support long-term enhancements in OT cybersecurity practices.
According to CISA Acting Director Madhu Gottumukkala, adopting secure communications in OT environments is a long-term effort that involves complexity, cost and risk.
“Over the past year, CISA conducted customer-led research to create this secure communication guide. CISA encourages asset owners and operators, system integrators, service providers, and OT manufacturers to review this guide and collaborate together to implement secure communication,” said Gottumukkala, who spoke at Potomac Officers Club’s 2025 Homeland Security Summit in the fall.
Why Is Secure OT Communication a Priority?
Insecure communication allows threat actors to impersonate devices or alter messages in transit to OT devices. Adoption of secure versions of industrial protocols, which have been available for more than 20 years, has been limited due to technical, operational and cost-related barriers within the control systems community.
Related Federal OT Cybersecurity Efforts
CISA’s guidance follows a series of recent OT security initiatives, including joint Secure Connectivity Principles issued with the UK’s National Cyber Security Centre, the National Institute of Standards and Technology’s draft update to Guide to Operational Technology (OT) Security and the Department of War’s new Zero Trust for Operational Technology guidance.
Related Articles
The Department of War has finalized the realignment of the Defense Security Cooperation Agency and the Defense Technology Security Administration under the Office of the Under Secretary of War for Acquisition and Sustainment, or USW(A&S). What Is the Purpose of Realigning DSCA, DTSA Under the USW(A&S) Office? DOW said Tuesday the restructuring aims to consolidate acquisition, sustainment, security cooperation, defense sales, industrial base policy and arms transfer responsibilities under a single organizational authority to strengthen the U.S. industrial base and facilitate burden-sharing with allies and partners. The realignment, which supports the National Defense Strategy, also intends to establish a clearer
The Federal Communications Commission has announced plans to re-charter the Communications Security, Reliability, and Interoperability Council, or CSRIC, for a new two-year term and is soliciting nominations for membership. In a public notice published Monday, the FCC said it intends to re-charter the advisory committee on or before March 26, following consultation with the General Services Administration. The re-chartered body will represent the commission’s tenth CSRIC charter, CSRIC X, with the first meeting expected in June. Nominations for CSRIC X membership must be submitted no later than March 11. What Is the Purpose of CSRIC? According to the FCC, CSRIC
The National Reconnaissance Office has selected HEO, SatVu and Sierra Nevada Corp. as the first awardees under its Strategic Commercial Enhancements commercial solutions opening, or CSO, for remote sensing capabilities. The agency said Tuesday that the CSO reflects its shift toward multi-phenomenology technologies that integrate electro-optical, hyperspectral imaging, radar, radio frequency, and light detection and ranging, also known as LIDAR. What Capabilities Will the Companies Provide to NRO? The initial tranche covers a range of sensing capabilities to strengthen NRO’s multi-phenomenology portfolio. HEO, an Australian space company, will provide non-Earth imagery The United Kingdom-based SatVu will deliver medium-wave infrared imagery