The National Cyber Security Authority of Saudi Arabia recently issued the “Cyber Security Controls Document for Operational Systems (OTCC-1:2022)”. This document aims to enable sensitive industrial facilities, critical infrastructure, private businesses, and government agencies to adopt best practices and standards that ensure the security of operations at all times. Specifically, OTCC-1:2022 has been developed to increase the level of cyber protection accorded to OT/ICS environments in view of the rising attacks on OT and OT-linked infrastructure and networks.
What do you need to look out for in the NCA’s OTCC-1:2022?
According to the authority, the document outlines the approved controls for operational systems, with the goal of reducing the cyber risks to operational technology-based systems. The document aims to raise the bar for cybersecurity so that the businesses and entities concerned enforce minimum requirements for protection and then extend basic cybersecurity controls to improve risk management.
As per the accompanying mandate issued by the NCA, these controls must be implemented as an extension to NCA’s Essential Cybersecurity Controls (ECC-1:2018) issued earlier. The term Industrial Control Systems (ICS) includes all devices, systems, or networks used to operate and/or automate industrial processes.
The issuance of these controls falls within the authority’s mandate to set policies, governance mechanisms, frameworks, standards, controls, and guidelines related to cyber security in the Kingdom. It is based on the authority’s role in regulating and protecting cyberspace, and it seeks to promote and protect vital interests and sensitive national infrastructures by enhancing cyber security for operational systems at the national level.
To comply with the requirements suggested by the document, businesses and agencies should:
- Raise the level of baseline protection accorded to OT systems
- Invest in continually improving security measures
- Revisit risk management measures to align them with emerging cyber threats
- Expand the scope of basic security controls as a follow-up to the first point
- Identify security gaps and work towards addressing them to improve the overall security posture
Implications of OTCC-1:2022 for your business
OTCC-1:2022 has multiple implications for your business. From the data layer up to cloud ingress, underlying controls, first response mechanisms, and back-ups, a streamlined effort is needed to comply with this mandate and to ensure the minimization of your institutional risk exposure.
Sectrio is a leading provider of IoT, OT, and IT cybersecurity solutions and threat intelligence. Our proven expertise can help your business meet its compliance mandates and infrastructure protection needs.
Sectrio’s cybersecurity experts can help you draw a roadmap to comply with OTCC-1:2022 and to improve your risk management measures to contain and mitigate threats. Speak to our experts now to initiate your threat assessment and mitigation journey.
Talk to us about the simplified approach to OT security that minimizes your institutional risk exposure significantly.
Worried about not having the right threat intelligence for improving your SecOps? Talk to us to try our threat intelligence feeds for free for the next two weeks.