CISA released the guidance, Barriers to Secure OT Communication: Why Johnny Can’t Authenticate , which highlights the known issues with insecure-by-design legacy industrial protocols and seeks to understand why the technology to secure these protocols is not widely adopted. CISA developed this guidance in partnership with operational technology (OT) equipment manufacturers and standard development organizations, by interviewing OT asset owners and operators to understand: What motivates owners and operators to secure communication, and What barriers prevent successful adoption from design through deployment and operations. Legacy OT protocols lack strong protections against data alteration, device impersonation, and unauthorized access, making critical infrastructure vulnerable to cyber threats. Securing these protocols requires solutions that are practical for current operators as well as cyber experts. Based on the research conducted, CISA provides recommendations for how owners and operators can avoid the negative experiences of their peers, as well as recommendations to OT manufacturers to drive sustainable, more usable capabilities. Barriers to Secure Communication: Why Johnny Can't Authenticate (PDF, 915.41 KB ) Please share your thoughts! We welcome your feedback. CISA Product Survey