CISA Releases Guide to Help Critical Infrastructure Users Adopt More Secure Communication

PRESS RELEASE CISA Releases Guide to Help Critical Infrastructure Users Adopt More Secure Communication Driven By Customer Insights & Recommendations: This Guide Offers Practical Steps to Reduce Cost and Complexity ReleasedFebruary 10, 2026 RELATED TOPICS: INDUSTRIAL CONTROL SYSTEMS WASHINGTON – The Cybersecurity and Infrastructure Security Agency (CISA) today released a new guide to help operational technology (OT) owners and operators implement secure communications and advise OT manufacturers on reducing barriers and improving usability. The guide, Barriers to Secure OT Communications: Why Johnny Can’t Authenticate, was developed from interviews with control systems stakeholders, asset owners and operators across sectors including Water and Wastewater Systems, Transportation Systems, Chemical, Energy, and Food and Agriculture Sectors. Many OT owners and operators continue to use insecure legacy industrial protocols that lack basic authentication and integrity checks. With insecure communications, threat actors can impersonate a device or modify a message in transit to an OT device. Secure versions of industrial protocols have been available for over two decades; however, a variety of barriers have prevented the control systems community from widely adopting these protocols which enable secure communication. “Adopting secure communications in OT environments is a long-term effort with complexities, costs and risks. Over the past year, CISA conducted customer-led research to create this secure communication guide,” said CISA Acting Director Madhu Gottumukkala. “CISA encourages asset owners and operators, system integrators, service providers, and OT manufacturers to review this guide and collaborate together to implement secure communication.” This guide provides insightful information on why secure communication is not widely adopted and offers actionable recommendations for OT owners, operators and manufacturers to overcome key barriers that include:    Cost and complexity issues through procurement, deployment and maintenance Latency and bandwidth concerns Inspection issues from encryption Interoperability and legacy product issues   “There is a critical need for OT environments to use secure communication that protects against threats like actor-in-the-middle attacks and unauthorized updates,” said CISA Executive Assistant Director for Cybersecurity Nick Andersen. “This guide demonstrates CISA’s commitment to collaborate with industry and government partners to develop tangible outcomes that strengthen security and build trust. We encourage the control systems community to review and implement recommended actions in this guide.”  Asset owners and integrators should use this guidance to avoid disruptions from secure communication and identify what to prioritize when procuring new components. OT manufacturers should use the lessons from this customer research to reduce customer friction with security and ultimately create a more usable and safer product.  This guidance expands on the security communication concepts in CISA’s joint guide, Secure by Demand: Priority Considerations for OT Owners and Operators When Selecting Digital Products, including key questions owners and operators should be asking OT product manufacturers.   For more information and resources, please visit CISA’s Industrial Control Systems webpage.   ### About CISA  As the nation’s cyber defense agency and national coordinator for critical infrastructure security, the Cybersecurity and Infrastructure Security Agency leads the national effort to understand, manage, and reduce risk to the digital and physical infrastructure Americans rely on every hour of every day. Visit CISA.gov for more information and follow us on X, Facebook, LinkedIn, Instagram.  Related Articles JAN 14, 2026 PRESS RELEASE CISA, UK NCSC, FBI Unveil Principles to Combat Cyber Risks in OT APR 23, 2025 PRESS RELEASE CISA, DHS S&T, INL, LSU Help Energy Industry Partners Strengthen Incident Response and OT Cybersecurity FEB 09, 2022 PRESS RELEASE CISA, City of St. Louis and Local Partners Conduct Exercise to Keep Water Supply Safe JAN 11, 2022 PRESS RELEASE ICT Supply Chain Risk Management Task Force Announces new members and Working Group