Blog

Understanding the implications of OTCC-1: 2022 for your business

By |

The National Cyber Security Authority of Saudi Arabia recently issued the “Cyber Security Controls Document for Operational Systems (OTCC-1:2022)”. This document aims at enabling sensitive industrial facilities, critical infrastructure, private businesses, and government agencies to adopt best practices and standards to ensure the security of operations at all times. Specifically, (OTCC-1:2022) has been developed to increase the level of cyber protection accorded to OT/ICS environments in view of the rising attacks on OT and OT-linked infrastructure and networks.

Operational technology cybersecurity controls
OTCC-1: 2022 by NCA

What do you need to look out for in the NCA’s OTCC-1:2022?

According to the authority, the document outlines the approved controls for operational systems to help them align towards reducing the cyber risks to operational technology-based systems. The document aims to raise the bar as far as cybersecurity is concerned to ensure that the businesses and entities concerned enforce minimum requirements for protection and follow them up by extending basic cybersecurity controls to improve risk management.   

As per the accompanying mandate issued by the NCA, these controls must be implemented as an extension to NCA’s Essential Cybersecurity Controls (ECC-1: 2018) issued earlier. The term Industrial Control Systems (ICS) includes all devices, systems, or networks used to operate and/or automate industrial processes.

The issuance of these controls comes within the authority’s mandate to set policies, governance mechanisms, frameworks, standards, controls, and guidelines related to cyber security in the Kingdom and based on its role in regulating and protecting cyberspace, and seeking to promote and protect vital interests and sensitive national infrastructures by enhancing cyber security for operational systems at the national level.

To comply with the requirements suggested by the document, businesses and agencies should:

  • Rise the level of baseline protection accorded to OT systems
  • Invest in continually improving security measures
  • Revisit risk management measures to align them with emerging cyber threats
  • Expand the scope of basic security controls as a follow-up to point 1
  • Identify security gaps and work towards addressing them to improve the overall security posture

Implications of OTCC-1: 2022 for your business

OTCC-1:2022 has multiple implications for your business. From the data layer up to cloud ingress, underlying controls, first response mechanisms, and back-ups, a streamlined effort is needed to comply with this mandate and to ensure the minimization of your institutional risk exposure.

Sectrio is a leading provider of IoT, OT, IT cybersecurity solutions, and threat intelligence. Our proven expertise can help your business in meeting its compliance mandates and infrastructure protection needs.  

Sectrio’s cybersecurity experts can help you draw a roadmap to comply with this OTCC-1:2022 and to improve your risk management measures to contain and mitigate threats. Speak to our experts now to initiate your threat assessment and mitigation journey.  

Talk to us about the simplified approach to OT security that minimizes your institutional risk exposure significantly. 

Worried about not having the right threat intelligence for improving your SecOps? Talk to us to try our threat intelligence feeds for free for the next two weeks.

Participate in the CISO Peer Survey 2022 and make your opinion count now, fill up our uniquely designed survey here: CISO Peer Survey 2022

Ciso peer survey 2022
Get started with the CISO Peer Survey here: Begin the survey now!

Book a demo now to see our IT, OT and IoT security solution in action: Request a Demo

2022 threat landscape assessment report
Get the latest copy of the OT and IoT threat landscape report

Try our threat intelligence feeds for free for the next two weeks.

Improve your cybersecurity through ot and iot focused threat intelligence feeds free for 15 days
Understanding the implications of OTCC-1: 2022 for your business - Sectrio

Get access to enriched IoT-focused cyber threat intelligence for free for 15 days  

Share:
Sectrio is a technology market leader in the Internet of Things (IoT), Operational Technology (OT), Information Technology (IT) and 5G Security products for securing the most critical assets, data, networks, supply chains and device architectures for diverse deployments across geographies. Sectrio solutions minimize the attack surface and eliminate all risks from hackers, malware, cyber espionage, and other threats by securing the entire digital footprint covering services, applications, and surfaces through a single platform powered by real-time threat intelligence sourced from Sectrio’s largest honeypot network active in 75+ cities around the world.

Subscribe to Newsletter

Related Posts

Protect your IoT, OT and converged assets with Sectrio