OTCC Statement on the CISA Cross-Sector Cybersecurity Performance Goals



The Operational Technology Cybersecurity Coalition (OTCC) appreciates the efforts of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) in developing their Cross-Sector Cybersecurity Performance Goals (CPGs) released today. After reviewing the goals, it is apparent CISA put significant time and effort into recognizing differences and challenges between cybersecurity in an operational technology (OT) environment versus an information technology (IT) environment. Recognizing the nuances and challenges in both OT and IT environments is both welcome and needed.


The OTCC looks forward to working with CISA and other government agencies to inform and educate them on the unique attributes of OT cybersecurity policy and best practices. Further, we would like to work with the Sector Risk Management Agencies on the implementation of these goals and operationalize them into actionable, measurable, sector-specific efforts.


When combined with the National Institute of Standards and Technology’s well-recognized Cybersecurity Framework, the cybersecurity community now has USG perspectives on measuring the effectiveness of outcome-driven cybersecurity practices.


Additionally, we thank CISA for engaging stakeholders in this process, as gaining insight from practitioners, particularly in the operational technology world, is essential to creating cybersecurity policies and practices that can more effectively manage the growing risk faced by companies of all types and sizes.