Operational Technology environments are under growing pressure to connect. Business demands for remote access, real-time data, analytics, and integration with enterprise systems are continuing to rise. At the same time, regulatory scrutiny and threat activity targeting industrial systems have increased. Organisations must enable connectivity without compromising safety, reliability, or operational resilience.
Recognising this challenge, global cybersecurity agencies recently released joint guidance on designing secure connectivity into OT environments. Led by the UK’s National Cyber Security Centre (NCSC), and developed in partnership with agencies including CISA, the FBI, BSI, and international counterparts, the Secure Connectivity Principles for Operational Technology provide a goal-oriented framework to help organisations connect OT safely.
For operators of essential services, this guidance is particularly significant. Insecure or poorly governed connectivity into OT networks can lead to operational disruption, safety incidents, and in extreme cases, national security consequences. The principles are not presented as a checklist or minimum compliance bar. Instead, they are intended to help organisations make confident, risk-led decisions when designing, implementing, and managing OT connectivity.
The new guidance reflects the reality across the industry. OT environments are no longer isolated. Boundaries between IT and OT have blurred, with connectivity often introduced incrementally to meet urgent business needs rather than through structured design.
Research shows that the majority of industrial cyber incidents now originate in IT environments before moving laterally into OT. At the same time, many organisations lack accurate OT asset inventories, run legacy systems that cannot be patched easily, and rely on insecure remote access mechanisms. Connectivity models often grow complex over time, involving business systems, billing platforms, cloud services, integrators, and multiple third parties. Each new connection increases the attack surface.
The NCSC-led guidance directly addresses these issues by emphasising controlled connectivity, reduced exposure, and resilience by design.
The guidance begins with a clear message. Connectivity can deliver operational value, but only when risks are explicitly understood and managed. OT connectivity should never undermine safety, reliability, or availability.
This aligns closely with Integrity360’s OT risk analysis approach. Using recognised methodologies such as ISO 27005 and EBIOS, we help organisations understand how connectivity decisions interact with cyber, physical, and safety risks. Rather than being treated as a purely technical decision, connectivity is assessed against business impact, threat likelihood, and operational resilience.
By embedding risk management into OT decision-making, organisations can ensure that connectivity aligns with their defined risk appetite rather than evolving in an ad hoc manner.
A core theme of the guidance is limiting exposure. Unnecessary access paths should be eliminated, and communication tightly controlled. IT/OT connectivity should follow standardised and controlled paths to ensure consistent monitoring, logging, visibility, and governance.
In practice, many OT environments suffer from fragmented access models. Bespoke connections are created for individual vendors or projects, often with inconsistent controls and limited oversight. Over time, this creates complexity that is difficult to secure or monitor.
Integrity360 addresses this through OT security architecture reviews, IT/OT DMZ design, and targeted audits that identify unmanaged connections, insecure access paths, and misconfigurations. By consolidating access and managing and securing connections through defined gateways and standard patterns, organisations gain greater control, consistent enforcement, and reduced risk of configuration drift.
Hardening the OT boundary is another central principle. Systems should expose only what is operationally necessary, with strong access controls applied to all forms of connectivity.
This is particularly important where remote access is required. External access to OT environments should be protected using phishing-resistant multi-factor authentication, identity-based access controls, and strict least-privilege enforcement. Default credentials should never exist on deployed devices, especially those reachable from external networks.
Integrity360’s OT security engineering services support organisations in implementing hardened boundary controls, secure remote access solutions, and administration bastions designed specifically for industrial environments. These controls help prevent unauthorised access while maintaining operational continuity.
The guidance makes clear that compromise must be assumed. When it occurs, its impact must be limited. Segmentation and flow control are essential to preventing lateral movement between systems.
Legacy and obsolete devices pose a particular challenge. These systems are often unsuitable for direct external connectivity and cannot support modern security controls. The guidance recommends indirect access supported by strong compensating controls, including segmentation, trusted boundary components, and comprehensive logging.
Integrity360 frequently supports organisations in designing segmentation strategies aligned to IEC 62443, isolating high-risk assets, and implementing compensating controls for legacy systems. This reduces the blast radius of an incident and protects critical operations from cascading failures.
The advisory also addresses industrial protocols, recommending migration to secure variants that support cryptographic protections for authenticity and integrity. Where insecure protocols remain in use, their presence should be explicitly justified and supported by a roadmap for replacement.
External data exchange between IT and OT should be brokered through a DMZ using secure, standardised protocols. Operational data can be shared safely by replicating historians into the DMZ using unidirectional transfer mechanisms, ensuring there is no inbound connectivity from IT to OT.
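As an added illustration (not taken from the guidance or from Integrity360), the sketch below audits a constructed allow-list of data-exchange flows against the pattern just described: IT/OT exchange brokered through the DMZ, historian replication that is unidirectional, and no inbound path from IT to OT. The host names, the `Flow` record, and the choice to treat a DMZ relay that accepts connections from IT and also initiates into OT as an inbound path are assumptions of this example; remote administration through a bastion is out of its scope.

```python
from dataclasses import dataclass

# Constructed inventory: host -> zone. All names are hypothetical.
ZONE = {"erp": "IT", "bi-dash": "IT", "hist-replica": "DMZ", "file-relay": "DMZ",
        "hist-ot": "OT", "hist-ot2": "OT", "plc-gw": "OT"}

@dataclass(frozen=True)
class Flow:
    src: str                # host that initiates the connection
    dst: str
    service: str
    one_way: bool = False   # True if enforced by a unidirectional mechanism

# Constructed allow-list of data-exchange flows, as if exported for a firewall review.
FLOWS = [
    Flow("hist-ot", "hist-replica", "historian-replication", one_way=True),
    Flow("hist-ot2", "hist-replica", "historian-replication"),  # two-way transport
    Flow("bi-dash", "hist-replica", "https"),    # IT reads the replica in the DMZ
    Flow("erp", "file-relay", "sftp"),
    Flow("file-relay", "plc-gw", "sftp"),        # relay pushes into OT
    Flow("erp", "hist-ot", "sql"),               # direct IT -> OT
]

def audit(flows, zone=ZONE):
    """Return sorted (path, finding) tuples for flows that break the pattern."""
    findings = set()
    for f in flows:
        pair = (zone[f.src], zone[f.dst])
        if pair in {("IT", "OT"), ("OT", "IT")}:
            findings.add((f"{f.src}->{f.dst}",
                          "IT/OT exchange not brokered through the DMZ"))
        if (pair == ("OT", "DMZ") and f.service == "historian-replication"
                and not f.one_way):
            findings.add((f"{f.src}->{f.dst}",
                          "historian replication is not unidirectional"))
    # Two-hop check: a DMZ host that accepts connections from IT and also
    # initiates connections into OT gives IT an inbound path to OT.
    for a in flows:
        for b in flows:
            if (a.dst == b.src and zone[a.src] == "IT"
                    and zone[a.dst] == "DMZ" and zone[b.dst] == "OT"):
                findings.add((f"{a.src}->{a.dst}->{b.dst}",
                              "inbound path from IT to OT via DMZ relay"))
    return sorted(findings)

if __name__ == "__main__":
    for path, finding in audit(FLOWS):
        print(f"{path}: {finding}")
```
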
Integrity360 supports these requirements through OT security engineering, protocol assessments, and secure integration of network probes, firewalls, and monitoring solutions that align with industrial constraints.
Connectivity must be visible. Logging and continuous monitoring are essential for detecting abnormal behaviour, validating segmentation policies, and supporting incident response.
Effective monitoring starts with understanding how attackers operate and designing telemetry to detect those behaviours, not simply collecting logs for compliance purposes. Integrity360’s OT investigation and incident response services focus on building meaningful detection capability that supports rapid containment and recovery.
Finally, the guidance stresses the importance of isolation planning. OT systems that support critical functions should be designed to operate independently during fallback conditions. Isolation plans must be tested and integrated with wider business continuity processes.
The NCSC-led principles provide a clear and practical framework, but guidance alone does not reduce risk. The challenge for most organisations lies in translating these principles into real-world architectures, governance models, and operational controls.
Integrity360 helps organisations do exactly that. Through OT consulting, auditing, engineering, training, and incident response, we support the full lifecycle of secure OT connectivity. From assessing current exposure to designing resilient architectures and responding to incidents, our approach reflects the same core objective as the guidance: enable connectivity where it delivers value, but never at the expense of safety, reliability, or integrity.
If you’d like to learn more about how Integrity360 can assist with your OT and cybersecurity needs, get in touch with our experts.