State and local government agencies’ efficiency and accountability are under continuous threat from the next unplanned outage, rigorous hacking attempts, unintentional clicking of a malicious link by an executive or changing bank account information in response to a malicious email. Can all of these be stopped? If you answer yes, you are fooling yourself!
Multi-tiered approach to protecting assets, activities and residents is exhaustive, and our state, local, tribal and territorial (SLTT) entities are at various levels of maturity in this endeavor. At its core lies the resiliency and cybersecurity of critical infrastructure operators who provide essential services to residents including Municipal Utility Authorities (MUA), Department of Public Works (DPW), water, wastewater and utility management companies. Cybersecurity & Infrastructure Security Agency (CISA) in association with agencies across the world have released a new advisory on how organizations should design, secure and manage connectivity in Operations Technology (OT) space.
CISA-Joint-Guidance-for-OT-1.14.2026
Core principles from this advisory
Principle 1: Balance the risks and opportunities
Principle 2: Limit the exposure of your connectivity
Principle 3: Centralize and standardize network connections
Principle 4: Use standardized and secure protocols
Principle 5: Harden your OT boundary
Principle 6: Limit the impact of compromise
Principle 7: Ensure all connectivity is logged and monitored
Principle 8: Establish an isolation plan
