OPC: Secure by Demand Document Accredited by 11 Top Security Agencies

Download the document and get ready to be inspired!

Secure by Demand Document Accredited by 11 Top Security Agencies

OPC · January 27, 2025 · 2 min
Modal to share this post

Cyber threat actors are commonly targeting specific OT products rather than specific organizations. In an effort to help industry exercise vigilance and best practices, the Cybersecurity and Infrastructure Security Agency (CISA), a division of the United States Department of Homeland Security, in cooperation with global contributors, have created this document, which outlines how several OT products are not designed nor developed with secure by design principles.

This means that these hardware and software components commonly have weaknesses when it comes to authentication, software vulnerabilities, limited logging, as well as insecure default settings and passwords.

“As a contributor to this document, the OPC Foundation is proud to announce the completion of “Secure by Demand: Priority Considerations for Operational Technology Owners and Operators when Selecting Digital Products”.”
Stefan Hoppe, OPC Foundation

Stefan Hoppe – President & Executive Director, OPC Foundation

With 11 internationally recognized security agencies accrediting this document, including affixing their official seals thereupon, it stands to reason that this is sound advice for the operational technology (OT) community and the suppliers that service this industry. These agencies include:

  • U.S. Cybersecurity and Infrastructure Security Agency (CISA)
  • Germany’s Federal Office for Information Security (BSI)
  • Netherlands’ National Cyber Security Centre (NCSC-NL)
  • New Zealand’s National Cyber Security Centre (NCSC-NZ)
  • United Kingdom’s National Cyber Security Centre (NCSC-UK)
  • Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC)
  • U.S. Federal Bureau of Investigation (FBI)
  • U.S. National Security Agency (NSA)
  • U.S. Environmental Protection Agency (EPA)
  • Canadian Centre for Cyber Security (CCCS)
  • Directorate General for Communications Networks, Content and Technology (DG CONNECT), European Commission

Michael Clark, Director OPC Foundation North America, one of the contributing authors, says, “This document has been several months in the making and now, with its timely release, we see well-articulated guidance directed toward OT owners and operators”. Clark continues, “By following the principles and best practices outlined therein, OT owners and operators are effectively securing critical infrastructure, thus, making it more difficult for threat actors to be successful in their disruptive behaviors.”

“The risk of a threat actor accessing the OT network is increasing due to business drivers for interconnectivity and the compromise of edge devices that enable segmentation. This Secure by Demand guidance for OT is the product of asset owners, governments, industrial automation and control system vendors, and industry groups, like the OPC Foundation, all collaborating toward a more flexible and resilient implementation with their unique viewpoints and subject matter expertise, creating an implementation that has a better chance of escaping the label of “legacy” in a few years’ time. Asset owners should take this guidance to their vendors and procurement officials as they consider procuring new OT equipment.”

Dr. Matthew Rogers – ICS Expert, Cybersecurity and Infrastructrue Security Agency

This document outlines a checklist of capabilities that align with the vision of the OPC UA standard. These capabilities give asset owners specific requirements to give to their perspective vendors, thus, ensuring that owner/operators can secure their factories from modern cyber security threats. This document further serves as a valuable tool that allows asset owners to change the conversation with their vendors about what their needs will be when it comes to secure by design principles.

Download the document here and get ready to be inspired!

Randy Armstrong

Chairman of the Security Working Group, OPC Foundation

Logo OPC

Latest News

We take time for every enquiry!

Your message was sent successfully!

Thank you for reaching out. We'll get back to you shortly!

Oops!

Something went wrong. Please try again later.

Processing!

Thank you for your message. We are processing the information.

Upcoming events

Think WIoT Day

Livestream on Wireless IoT in Logistics

Date

March 26th 2025

Location

Online

WIoT tomorrow 2025

International Exhibition | Summit

Date

22. - 23.

October 2025

Location

Wiesbaden,

Germany