ASD Publishes New Joint 'Secure by Demand' Guidance - 20250114001
Overview
The Australian Signals Directorate (ASD) has published a joint advisory on Secure by Demand guidance, with priority considerations for operational technology owners and operators when selecting digital products.
The advisory warns that cyber threat actors, when compromising operational technology (OT) components, target specific OT products rather than specific organizations. Many OT products are not designed and developed with Secure by Design principles and commonly have weaknesses such as weak authentication, known software vulnerabilities, limited logging, insecure default settings and passwords, and insecure legacy protocols. Cyber threat actors can easily exploit these weaknesses across multiple victims to gain access to control systems.
What has been observed?
When security is neither prioritized nor incorporated directly into OT products, it is difficult and costly for owners and operators to defend their OT assets against compromise. The Secure by Demand guide describes how OT owners and operators should integrate security into their procurement process when purchasing industrial automation and control systems as well as other OT products.
Recommendation
The WA SOC recommends administrators perform the following: