On January 13, 2025, the Cybersecurity & Infrastructure Security Agency (CISA) published a new resources partnership with a global contingent, from the NSA and FBI in the U.S. to Australia’s Cyber Security Centre, Canada’s Center for Cyber Security, and several European nations’ Cyber Security Centres.
This new resource is entitled “Secure by Demand: Priority Considerations for Operational Technology Owners and Operators when Selecting Digital Products”.
In this resource, CISA warns that malicious actors are targeting specific Operational Technology (OT) products rather than organizations. This is because many OT products have known weaknesses in authentication, limited logging abilities, and confirmed software vulnerabilities.
The January CISA resource 12 considerations when considering OT products. CISA and their partners then recommend choosing products from manufacturers who follow a Secure by Demand philosophy to minimize intrusions and exploitation, reducing the burden of industrial cybersecurity costs on OT owners and operators.
Much of the publication centers on secure communications, controls, authentication, and configuration. Since 90% of all internet network traffic is generated by machines, securing machine to machine communication is paramount.
Securing communications for OT has proven difficult historically, which is why Corsha developed a dynamic Identity Provider for Machines to protect lifecycles, authenticate and govern the identities securing operational systems. In turn, protection of machine identities enables users to trust the movement of data between IT and OT environments, from the cloud to a manufacturing floor.
Corsha’s solutions enable conformance to CISA’s suggestions. For example, CISA cites logging of events as a best practice. Corsha’s Identity Provider goes a step further, providing full visibility into OT network traffic as well as real-time monitoring of machine interaction.
CISA also recommends data protection and secure communications. Corsha provides end to end encryption for all OT communications, securing data transmission machine-to-machine or between OT and IT.
Non-Human Identities outweigh human identities by a factor of 45 to 1 across enterprises. Securing their communications is no longer optional in order to protect manufacturing environments and critical infrastructure. Corsha’s solutions provide the security and confidence needed for operators to meet the best practice guidance that’s been provided.
In addition to serving as Federal CTO at GitLab Inc, Joel is a frequent writer and content contributor, drawing upon a wealth of experience in technology, software development, and cybersecurity. With 25 years of hands-on software industry expertise, he possesses an in-depth understanding of the entire software development life cycle. His leadership extends across the US Public Sector, as well as small businesses, mid-market enterprises, and global corporations. In prior roles, Joel spearheaded agile and digital transformations within Fortune 100 companies and authored over half a million lines of unique code throughout his career. He earned his B.S.E.E. from Purdue University and holds numerous industry certifications.
About Corsha
Corsha, the leader in identity and access management that forms the foundation of security for the world’s operational systems. Corsha’s Identity Provider for Machines allows enterprises to securely connect, move data, and automate with confidence from anywhere to anywhere. Today’s operational systems include legacy systems that tightly interconnect with modern cloud native systems. Cyber attacks increasingly target operational system vulnerabilities as the connections between legacy and modern systems grow. Corsha’s platform embodies zero trust principles anchored in identity security to protect lifecycles, authenticate and govern the identities securing operational systems. The platform delivers innovative machine-to-machine authentication and secure communications powering a secure modern world.