Operational Technology (OT) Security: Applying the NCSC’s 8 Secure Connectivity Principles

The security of our physical systems is more critical than ever. For all organisations — and especially those in health tech and defence — operational technology (OT) security is not just an IT issue; it is a matter of public safety and national security. From patient monitoring systems in hospitals to the control systems that manage critical defence infrastructure, OT underpins essential services.

Unlike traditional IT security, which often prioritises confidentiality and data protection, OT security places primary emphasis on safety, availability, and the reliable operation of physical processes. A compromise in an OT environment can therefore have severe real-world consequences, including physical harm, service disruption, and loss of public trust.

Fortunately, the UK’s National Cyber Security Centre (NCSC) provides clear guidance to help organisations navigate this complex landscape. This guide offers an overview of the NCSC’s secure connectivity principles, tailored for decision-makers and security professionals in the health tech and defence sectors. We explore how these principles support resilient, defensible OT environments.

Why OT Cybersecurity is a Critical Priority

The convergence of IT and OT systems has delivered significant operational efficiency, but it has also introduced new and often poorly understood cyber risks. In health tech, the security of connected medical devices and clinical systems has a direct impact on patient safety. A compromised infusion pump, imaging system, or patient monitoring platform is no longer a theoretical risk.

Similarly, the defence sector relies on extensive networks of industrial control systems (ICS) and Supervisory Control and Data Acquisition (SCADA) systems to manage logistics, facilities, and mission-critical assets. A successful cyber attack against these systems could disrupt operations and, in some cases, compromise national security.

The threat landscape is broad, ranging from opportunistic ransomware campaigns to highly sophisticated, state-linked activity targeting critical national infrastructure (CNI). The NCSC consistently emphasises that securing OT environments is essential to preventing physical harm and widespread disruption. Effective OT security starts with recognising the unique priorities and constraints of operational systems, including long asset lifecycles, limited patching options, and complex supplier ecosystems.

The NCSC’s 8 Secure Connectivity Principles

To address these challenges, the NCSC has defined eight principles for secure connectivity in OT environments. Together, they provide a practical framework for designing, implementing, and managing connections to and from operational systems.

1. Balance the Risks and Opportunities

Before introducing new connectivity, organisations should document a clear business case that weighs operational benefits against cyber and safety risks. In health tech and defence, this includes assessing potential impacts on patient safety or mission-critical operations. Risk tolerance should be explicitly defined, with decisions accountable and auditable.

2. Limit the Exposure of Your Connectivity

Minimising exposure reduces the attack surface available to adversaries. This requires a thorough understanding of the OT architecture to identify unnecessary or poorly controlled connections. Applying the principle of least privilege to network connectivity significantly strengthens overall security.

3. Centralise and Standardise Network Connections

Centralised and standardised connectivity makes it easier to apply consistent security controls, reduce misconfiguration, and monitor activity. This approach ensures that all OT connections — including remote access and data exchange — meet defined security standards.

4. Use Standardised and Secure Protocols

Many OT environments still rely on legacy protocols that lack encryption or authentication. The NCSC advises moving to modern, standardised protocols where possible. When legacy protocols cannot be replaced, compensating controls should be used to reduce associated risks.

5. Harden Your OT Boundary

The boundary between IT and OT networks should be carefully protected using controls designed for operational environments. Firewalls, access controls, and monitoring technologies should be configured to reflect OT priorities. A demilitarised zone (DMZ) can help prevent a compromise in IT systems from propagating into OT networks.

6. Limit the Impact of Compromise

Assuming that a breach may eventually occur is a core principle of modern cybersecurity. Network segmentation within OT environments limits lateral movement and helps contain incidents. This should be supported by tested incident response and recovery plans to maintain operational resilience.

7. Ensure All Connectivity Is Logged and Monitored

Comprehensive logging and continuous monitoring are essential for detecting suspicious activity and supporting incident investigation. For health tech and defence organisations, visibility across OT connectivity is critical for timely and informed response.
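Principles 2, 5 and 7 can be checked together against connection logs. The following is an added example, not code from the NCSC guidance or from this article's author: it audits flow records against a least-privilege conduit allowlist and flags direct IT/OT flows that bypass the DMZ. The zone subnets, the allowlist, the log format and the sample lines are all constructed assumptions.

```python
import ipaddress

# Constructed zone map and conduit allowlist: every subnet, port choice and
# log line below is an assumption made for this example, not NCSC guidance.
ZONES = {
    "IT": ipaddress.ip_network("10.10.0.0/16"),
    "DMZ": ipaddress.ip_network("10.20.0.0/24"),
    "OT": ipaddress.ip_network("10.30.0.0/16"),
}
# (source zone, destination zone, destination port); anything else is a finding.
ALLOWED = {("IT", "DMZ", 443), ("OT", "DMZ", 443), ("DMZ", "OT", 443)}
# Legacy OT protocols whose base form has no authentication or encryption.
LEGACY_PORTS = {502: "Modbus/TCP", 20000: "DNP3"}

# Constructed flow log: timestamp, source, destination, destination port.
SAMPLE_LOG = """\
2025-01-01T09:00:01Z 10.10.4.7 10.20.0.5 443
2025-01-01T09:00:02Z 10.30.1.15 10.20.0.8 443
2025-01-01T09:00:03Z 10.10.4.7 10.30.1.15 502
2025-01-01T09:00:04Z 203.0.113.9 10.30.2.2 20000
2025-01-01T09:00:05Z 10.20.0.5 10.30.1.15 8080
2025-01-01T09:00:06Z 10.30.1.15 10.30.1.16 502
"""

def zone_of(ip):
    """Map an address to its zone; anything unmapped is treated as EXTERNAL."""
    addr = ipaddress.ip_address(ip)
    return next((z for z, net in ZONES.items() if addr in net), "EXTERNAL")

def classify(src, dst, port):
    """Return a finding string for a cross-zone flow, or None if acceptable."""
    sz, dz = zone_of(src), zone_of(dst)
    if sz == dz or (sz, dz, port) in ALLOWED:
        return None  # intra-zone traffic or an approved conduit
    if {sz, dz} == {"IT", "OT"}:
        reason = "direct IT/OT flow bypasses the DMZ"
    elif "EXTERNAL" in (sz, dz):
        reason = "external exposure"
    else:
        reason = "not on conduit allowlist"
    if port in LEGACY_PORTS:
        reason += f"; legacy {LEGACY_PORTS[port]} crosses a zone boundary"
    return reason

def audit(log_text):
    """Return (timestamp, src, dst, port, reason) for every flagged flow."""
    findings = []
    for line in filter(str.strip, log_text.splitlines()):
        ts, src, dst, port = line.split()
        reason = classify(src, dst, int(port))
        if reason:
            findings.append((ts, src, dst, int(port), reason))
    return findings
```

Intra-zone traffic is deliberately out of scope here; lateral movement inside the OT network (principle 6) needs a finer-grained zone map than this one.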

8. Establish an Isolation Plan

In extreme scenarios, it may be necessary to isolate OT systems from wider networks. A documented and tested isolation plan ensures this can be done safely, including procedures for transitioning to manual operation where required. This capability acts as a final safeguard in serious incidents.

Navigating Legacy Systems and Supply Chain Risks

A persistent challenge in OT security is the prevalence of legacy systems with lifecycles measured in decades. These systems may no longer receive security updates and should be treated as inherently untrusted. The NCSC recommends isolating such assets and applying additional controls to reduce risk.

Supply chain security is equally critical. Vulnerabilities introduced by suppliers can undermine even well-designed architectures. Organisations should assess vendor security practices, require secure-by-design principles, and use contractual controls to ensure visibility and accountability throughout the lifecycle of OT products and services.

Your Path to a Secure OT Environment

Securing operational technology is an ongoing process rather than a one-off project. Organisations should begin with a clear understanding of their OT architecture and critical assets, prioritising improvements based on risk. Implementing the NCSC’s secure connectivity principles in a phased and practical manner helps build long-term resilience.