As the rapid advancement of Industrial Control Systems (ICS) technology continues, the cyber threat landscape is also escalating. The National Cybersecurity Authority (NCA) of Saudi Arabia has launched key Operational Technology Cybersecurity Controls (OTCC-1:2022), aimed at bolstering the protection of critical infrastructure. These controls serve as an extension to NCA’s Essential Cybersecurity Controls (ECC) and are imperative for government and private sector organizations owning, operating, or hosting Critical National Infrastructure (CNI) both within and outside Saudi Arabia. The implementation of OTCC-1:2022 not only fulfills a regulatory requirement but also presents an opportunity to enhance operational technology (OT) cyber defense capabilities. The NCA strongly encourages all organizations to adopt these measures as best practices to improve and augment their OT cybersecurity posture.
The OTCC-1:2022 framework outlines a comprehensive set of controls, covering the four pillars of cybersecurity: strategy, people, processes, and technology. This includes 4 main domains, 23 subdomains, 47 main controls, and 122 sub-controls. The goal of these controls is to achieve elevated national cybersecurity objectives, focusing on ICS and defining their cybersecurity requirements to ensure organizations meet mandatory cybersecurity needs.
In this publication, TXOne delves into the new requirements set forth by the Saudi Arabian National Cybersecurity Authority (NCA), introducing and elucidating their objectives and overview. We will closely examine how these guidelines strengthen the cybersecurity of ICS in critical infrastructure and provide a roadmap for organizations to achieve compliance under these new regulations. Read further to understand these guidelines and how critical infrastructure entities can strengthen their ICS cybersecurity.
