Overview

• On August 13, CISA, NSA, FBI, EPA and cybersecurity agencies from Australia, Canada, Germany, the Netherlands and New Zealand jointly issued guidance and an NSA technical report on OT asset inventories.
• The framework outlines step-by-step processes for building a taxonomy-driven OT asset inventory to underpin risk identification, vulnerability management and incident response.
• Guidance includes taxonomy templates and recommends asset fields—such as hostnames, IP addresses, baseline OS images and communication protocols—alongside sector examples for energy, oil and gas and water systems.
• The release responds to an 87% year-over-year increase in OT-targeted attacks reported by Dragos and the discovery of two rare OT-specific malware variants in 2024.
• Agencies encourage all critical infrastructure operators to implement the guidance and align with Cross-Sector Cybersecurity Performance Goals to bolster service continuity and resilience.