(TLP:CLEAR) CISA Releases “Barriers to Secure OT Communication” Guidance for Owners and Operators
Created: Thursday, February 12, 2026 - 14:50
Categories: Cybersecurity, Federal & State Resources, OT-ICS Security
Summary: CISA released the guidance “Barriers to Secure OT Communication: Why Johnny Can’t Authenticate,” which highlights the known issues with insecure-by-design legacy industrial protocols and seeks to understand why the technology to secure these protocols is not widely adopted. CISA developed this guidance in partnership with operational technology (OT) equipment manufacturers and standard development organizations, by interviewing OT asset owners and operators to understand:
- What motivates owners and operators to secure communication, and
- What barriers prevent successful adoption from design through deployment and operations.
CISA’s 2025 “Secure by Demand for OT guidance” highlights the critical need for secure communication that protects against myriad threats. CISA’s findings indicate that widespread adoption of secure communication is hindered not by a lack of technical solutions, but by real-world barriers in cost, complexity, and operational risk.
Analyst Note: Legacy OT protocols lack strong protections against data alteration, device impersonation, and unauthorized access, making critical infrastructure vulnerable to cyber threats. Additionally, the long lifecycle of OT devices means industry will be mitigating insecure-by-design legacy protocols for decades. Securing these protocols requires solutions that are practical for current operators as well as cyber experts. Based on the research conducted, CISA provides recommendations for how owners and operators can avoid the negative experiences of their peers, as well as recommendations to OT manufacturers to drive sustainable, more usable capabilities. WaterISAC encourages members to take the observations presented and apply them to their own infrastructure and security programs.
Original Source: https://www.cisa.gov/sites/default/files/2026-02/Barriers-to-Secure-Communication-Why-OT-Johnny-Cant-Authenticate_508_2.pdf
Additional Reading:
Related WaterISAC PIRs: 6, 8, 10.1, 11, 12