Google Cloud publishes OT Hybrid security guidance

Google Cloud's Office of the CISO, in collaboration with Mandiant, has released a report offering practical guidance to secure hybrid and cloud-connected operational technology networks in manufacturing and energy sectors, Industrial Cyber reports.

The report emphasizes the growing integration of IT and OT systems, noting that vulnerabilities, including weak identity and access management, insecure internet exposure, and insufficient segmentation, make these industries prime targets for ransomware, hacktivists, and state-sponsored attackers. Google Cloud recommends deploying dedicated OT network services, granular firewalls, role-based access control, encrypted unidirectional connections, and maintaining updated OT asset inventories. The guidance follows standards such as IEC 62443, NIST 800-82, and zero-trust principles, providing tactical steps to implement defense-in-depth architectures, secure supervisory control and data acquisition systems, and operationalize cloud-based solutions without compromising performance. "The rapidly evolving manufacturing threat landscape necessitates a holistic approach addressing IT, OT, engineering, and supply chain security," the report states. Organizations are urged to combine on-premises OT security with secure cloud adoption to ensure resilient, compliant, and safe industrial operations.