Brilliant at the Basics

Top 10

IT cybersecurity best practices

for Defense Industrial Base (DIB) Partners

The "Brilliant at the Basics" Cybersecurity Campaign is designed to empower our Defense Industrial Base (DIB) partners — particularly innovative small and mid-sized businesses — with streamlined, practical guidance to confidently protect their operations without the burden of massive compliance overhead. In alignment with the Department of War’s (DoW) mission to supercharge the "Arsenal of Freedom," this guide distills vital cybersecurity principles into clear, actionable steps for Information Technology (IT) environments.

As we work together to streamline compliance and remove administrative barriers, protecting sensitive defense information remains a vital, shared responsibility. By adopting these foundational practices, DIB partners can fortify their networks, reduce technical debt, and enable the rapid, secure delivery of superior technology to the tactical edge, ultimately delivering peace through technical strength.

01
Zero Trust Architecture (ZTA) and Multi-Factor Authentication (MFA)

Shift away from perimeter-only defenses by applying ZTA and MFA principles across your entire enterprise. Enforce explicit identity verification for every user and connected device, and apply least-privilege, attribute-based access control (ABAC) at the data, application, and network layers.

02
Interoperable Cloud and Software Adoption

Transition to structured, multi-cloud, and multi-vendor environments to securely deploy services and leverage commercial innovation in support of the DoW mission. Design your systems to integrate through documented APIs, open standards, modular interfaces, and authoritative data exchanges to avoid proprietary lock-in.

03
Tech Debt Reduction

Minimize your attack surface by aggressively identifying, modernizing, consolidating, or retiring legacy systems, redundant data stores, unnecessary interfaces, and unsupported technologies. Reducing technical debt directly improves your resilience and enables you to deliver secure, interoperable capabilities at mission speed.

04
Software and Asset Inventory Management

Establish and maintain a validated, real-time inventory of all physical devices and software assets connected to your network. Tracking your computers, servers, and active software licenses provides the operational visibility required to manage risk effectively, maintain compliance, and build a resilient defense.

05
Software-Defined Segmentation to Limit Adversary Lateral Movement

Implement Software-Defined Networking (SDN) or modern, software-based segmentation to divide your network into secure, isolated logical zones. Once an adversary gains access, they seek to move laterally to high-value data stores. Segmentation limits the "blast radius" of a compromise and ensures that sensitive Department data stays protected even if an endpoint is breached.

06
Software Factory Ecosystems

Adopt modern DevSecOps approaches to continuously deliver secure and resilient software at the speed of innovation, while eliminating service/component IT silos so that capabilities reach the warfighter faster. Use Infrastructure as Code (IaC), Compliance as Code, and hardened software containers to improve the software development process.

07
Responsible Governance

Require traceable data sources, model governance, human oversight, cybersecurity controls, explainability where needed, and alignment to mission outcomes wherever AI, analytics, or automation are used.

08
Infrastructure for Resilient Tactical Edge Environments

Design and deploy cloud, hybrid, and software architectures optimized to extend capabilities to Outside the Continental United States (OCONUS) and austere edge environments. Sustain critical access to data and applications during disrupted, disconnected, intermittent, and limited (DDIL) bandwidth conditions through localized storage and store-and-forward protocols. Implement a Zero Trust, "assume-compromise" security posture designed to isolate localized breaches and prevent lateral movement across the broader enterprise network.

09
Data as a Strategic Asset

Adopt a "Cloud Smart/Data Smart" approach by proactively managing data in cloud environments. Use automated, cryptographic data tagging and metadata content labeling to promote a data-centric, data-driven operational environment throughout the data lifecycle. This will help the U.S. and her allies and partners maintain a decision advantage in future conflicts.
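One concrete reading of "cryptographic data tagging" is binding a handling label to the content it describes, so that neither the label nor the payload can be altered or swapped without detection. The Python below is an added illustration, not a DoW-specified format or any code from this campaign; the label fields, the sample record, and the HMAC key are constructed assumptions. A deployed scheme would keep the tagging key in a KMS or HSM, and would use a digital signature rather than an HMAC where a recipient outside your organization must verify the tag.

```python
"""Cryptographically bound data tags: a handling label (marking, category,
owner, retention) is tied to a content hash with an HMAC, so editing the
label, editing the content, or moving a label between objects all fail
verification.  Added illustration; key, fields and record are constructed.
"""
import hashlib
import hmac
import json
import secrets
from typing import Any

# Constructed demo key; in practice the tagging key lives in a KMS/HSM.
TAGGING_KEY = secrets.token_bytes(32)


def canonical(obj: dict[str, Any]) -> bytes:
    """Deterministic JSON encoding so the same envelope always hashes the same."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def create_tag(content: bytes, label: dict[str, Any], key: bytes = TAGGING_KEY) -> dict[str, Any]:
    """Return a tag binding `label` to `content`.

    The MAC covers the content digest together with the canonical label, so a
    label copied from another object, or edited in place, will not verify.
    """
    digest = hashlib.sha256(content).hexdigest()
    envelope = {"label": label, "sha256": digest}
    mac = hmac.new(key, canonical(envelope), hashlib.sha256).hexdigest()
    return {**envelope, "mac": mac}


def verify_tag(content: bytes, tag: dict[str, Any], key: bytes = TAGGING_KEY) -> bool:
    """True only if both the content and the label match the MAC."""
    if hashlib.sha256(content).hexdigest() != tag.get("sha256"):
        return False
    envelope = {"label": tag.get("label"), "sha256": tag.get("sha256")}
    expected = hmac.new(key, canonical(envelope), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, tag.get("mac", ""))


def demo() -> dict[str, bool]:
    """Constructed record: one CUI-marked document and three tamper cases."""
    content = b"Drawing 7734-A, rev C: tolerances for the bracket assembly."
    label = {"marking": "CUI", "category": "CTI", "owner": "program-x", "retain_until": "2032-01-01"}
    tag = create_tag(content, label)

    tampered_content = content.replace(b"rev C", b"rev D")
    downgraded = {**tag, "label": {**label, "marking": "U"}}     # label edited, MAC now stale
    relabelled = create_tag(b"unrelated public brochure", {"marking": "U"})
    relabelled["label"] = label                                   # label lifted from the CUI object

    return {
        "genuine": verify_tag(content, tag),
        "content_tampered": verify_tag(tampered_content, tag),
        "label_downgraded": verify_tag(content, downgraded),
        "label_swapped": verify_tag(b"unrelated public brochure", relabelled),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case:18s} verifies={ok}")
```

The point of hashing the content and MACing the hash together with the label is that the label travels with the data as metadata, yet cannot be detached from it: a downgraded marking or a label copied from another object fails exactly like a modified payload does.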

10
The Digital Workforce

Ensure "No One Is Left Behind" by continuously training and developing IT and cybersecurity personnel on the latest cloud tools, automated processes, and modern software technologies. Build strong partnerships with the Department, other governmental agencies, and academia to build a resilient cyber workforce.

Top 10

OT cybersecurity best practices

for Defense Industrial Base (DIB) Partners

The "Brilliant at the Basics" Cybersecurity Campaign is designed to empower our Defense Industrial Base (DIB) partners — particularly innovative small and mid-sized businesses — with streamlined, practical guidance to confidently protect their operations without the burden of massive compliance overhead. In alignment with the Department of War’s (DoW) mission to supercharge the "Arsenal of Freedom," this guide distills vital cybersecurity principles into clear, actionable steps for Operational Technology (OT) environments.

As we work together to streamline compliance and remove administrative barriers, protecting operational technology, from weapon systems to critical infrastructure controls, remains a vital, shared responsibility. By adopting these foundational practices, industry partners can fortify their OT, reduce technical debt, and ensure the rapid, secure delivery of superior technology to the tactical edge, ultimately delivering peace through technical strength.

01
Identity and Access Control

Manage who has access to your OT by enforcing strict identity and access control. Ensure your systems authenticate the identity of every user and device before granting access to your network. Enforce strong access controls and require multi-factor authentication (MFA) for sensitive systems. Under Zero Trust, users should only be granted the "least privilege" needed to do their specific job, nothing more. Adopt a "never trust, always verify" mindset to protect your business.

02
Validated Asset Inventory

The first step for any business is to create and maintain an inventory of all devices connected to your network: computers, servers, printers, and any specialized operational equipment. A comprehensive inventory is the foundation for risk management, threat detection, and resilient defense.
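An inventory stays "validated" only if it is regularly reconciled against what the network actually shows; this serves both this item and item 04 of the IT list above. The Python below is an added example, not part of the campaign guidance or any DoW tool: the authorized inventory, the observed-device records (the kind of data DHCP leases, switch MAC tables, or a passive OT sensor would give you), and the end-of-support dates are all constructed for illustration.

```python
"""Reconcile the authorized asset inventory against devices actually observed
on the network, and flag software that is past vendor support.  Added
example; the inventory, observations and end-of-support dates are constructed.
"""
from dataclasses import dataclass, field
from datetime import date


@dataclass
class Asset:
    mac: str
    hostname: str
    owner: str
    zone: str                                              # where the device is supposed to live
    software: dict[str, str] = field(default_factory=dict)  # product -> version


# Constructed authorized inventory: what the business believes it owns.
INVENTORY = {
    a.mac: a for a in [
        Asset("00:1a:2b:3c:4d:01", "hist-01", "ops", "OT-DMZ", {"historian": "9.2"}),
        Asset("00:1a:2b:3c:4d:02", "eng-ws-1", "ops", "OT-control", {"plc-ide": "4.1"}),
        Asset("00:1a:2b:3c:4d:03", "fileserver", "it", "IT", {"smb-server": "2.1"}),
        Asset("00:1a:2b:3c:4d:04", "badge-ctl", "facilities", "OT-control", {"badge-fw": "1.8"}),
    ]
}

# Constructed end-of-support dates; a vendor lifecycle feed would populate this.
END_OF_SUPPORT = {
    ("plc-ide", "4.1"): date(2023, 6, 30),
    ("smb-server", "2.1"): date(2030, 1, 1),
}

# Constructed observation, e.g. DHCP leases, switch MAC tables or a passive OT sensor.
OBSERVED = [
    {"mac": "00:1a:2b:3c:4d:01", "ip": "10.20.0.5", "vlan": "OT-DMZ"},
    {"mac": "00:1a:2b:3c:4d:02", "ip": "10.10.0.88", "vlan": "IT"},          # plugged into the wrong network
    {"mac": "00:1a:2b:3c:4d:03", "ip": "10.10.0.40", "vlan": "IT"},
    {"mac": "f4:5c:89:aa:bb:cc", "ip": "10.30.0.77", "vlan": "OT-control"},  # never inventoried
]


def reconcile(inventory, observed, end_of_support, today):
    """Compare the inventory with observations; every finding is something to investigate."""
    findings = {"unknown_devices": [], "missing_devices": [], "zone_mismatch": [], "unsupported_software": []}
    seen = set()
    for obs in observed:
        asset = inventory.get(obs["mac"].lower())
        if asset is None:
            findings["unknown_devices"].append((obs["mac"], obs["ip"], obs["vlan"]))
            continue
        seen.add(asset.mac)
        if obs["vlan"] != asset.zone:
            findings["zone_mismatch"].append((asset.hostname, asset.zone, obs["vlan"]))
    for mac, asset in inventory.items():
        if mac not in seen:
            findings["missing_devices"].append(asset.hostname)  # stale record, or a device that went dark
        for product, version in asset.software.items():
            eos = end_of_support.get((product, version))
            if eos is not None and eos < today:
                findings["unsupported_software"].append((asset.hostname, product, version, eos.isoformat()))
    return findings


def run_demo(today=date(2025, 1, 1)):
    """Run the reconciliation over the constructed data as of a fixed date."""
    return reconcile(INVENTORY, OBSERVED, END_OF_SUPPORT, today)


if __name__ == "__main__":
    for kind, items in run_demo().items():
        print(f"{kind}: {items}")
```

Each of the four finding types maps to a different action: an unknown device on the control VLAN is a possible rogue or an unrecorded vendor laptop; a missing device may be a stale record or a controller that has gone offline; a zone mismatch is an engineering workstation on the wrong network; unsupported software is the tech-debt item that needs a compensating control until it is replaced.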

03
Strict Network Segmentation

A key architectural step is to logically separate your business IT network from your critical operational systems. By creating strict partitions, or segments, you make it much harder for an intruder who gains access to one part of your network to move laterally and disrupt your core functions. This containment is a powerful defensive measure. A flat network is a vulnerable network.

04
OT-Specific Incident Response and Recovery Plan

A well-rehearsed, OT-specific Incident Response Plan (IRP) is critical for safeguarding mission assurance and maintaining operational resilience against cyber-physical disruptions. Unlike enterprise IT, OT incident response prioritizes life safety, environmental protection, and physical availability, meaning abrupt system shutdowns are rarely a viable containment strategy.

A robust plan requires maintaining offline backups, segregating Safety Instrumented Systems (SIS), and coordinating closely with external vendors to validate embedded firmware. During an event, response teams must quickly correlate network anomalies with physical process deviations, sever IT/OT connections to contain lateral movement, and safely transition to manual control. Finally, recovery demands scrubbing malicious logic, executing localized and phased physical restarts with joint sign-off from both cybersecurity and process engineering leads, and integrating lessons learned into regular cross-functional tabletop exercises.

05
Manage Known Vulnerabilities

To protect critical infrastructure, apply compensating controls when you cannot immediately patch operational equipment. Because taking machinery offline for patching is often impossible due to mission-critical availability requirements, compensating controls act as essential, temporary safeguards. These measures (strict firewall rules, network isolation or micro-segmentation, and application allowlisting) isolate vulnerable devices from exploitation until they can be safely updated during a scheduled maintenance window.
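Item 03 above, item 05 of the IT list, and the compensating controls described here all come down to the same mechanism: a default-deny allowlist between zones, plus a tighter, temporary rule around any device you cannot patch yet. The Python below is an added example that is not from the campaign or any DoW tool. It models three constructed zones, a short cross-zone allowlist, and a quarantine entry for one controller, evaluates candidate flows against that policy, and renders the same policy as nftables commands; the addresses, zone names and rules are assumptions made for illustration.

```python
"""Zone-based segmentation policy with default deny, plus a compensating
"quarantine" rule for a vulnerable controller that cannot yet be patched.
Added example; zones, addresses and the policy are constructed.
"""
import ipaddress
from dataclasses import dataclass

# Constructed zones (Purdue-style levels collapsed into three, plus "untrusted").
ZONES = {
    "IT": ipaddress.ip_network("10.10.0.0/16"),
    "OT-DMZ": ipaddress.ip_network("10.20.0.0/24"),
    "OT-control": ipaddress.ip_network("10.30.0.0/24"),
}


@dataclass(frozen=True)
class Rule:
    src: str            # zone name or a single host address
    dst: str
    proto: str          # "tcp" / "udp"
    port: int
    note: str = ""


# Allowlist: only these flows may cross a zone boundary. Everything else drops.
POLICY = [
    Rule("IT", "OT-DMZ", "tcp", 443, "business users read the historian web UI"),
    Rule("10.20.0.5", "OT-control", "tcp", 502, "historian polls controllers over Modbus/TCP"),
    Rule("10.30.0.11", "OT-control", "tcp", 502, "engineering workstation programs controllers"),
]

# Compensating control: PLC 10.30.0.20 has a known flaw and no patch window yet, so
# only the engineering workstation may reach it at all (micro-segmentation).
QUARANTINE = {"10.30.0.20": {"10.30.0.11"}}


def zone_of(ip):
    """Map an address to its zone; anything outside the defined zones is untrusted."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "untrusted"


def _matches(selector, ip):
    return selector == ip or selector == zone_of(ip)


def evaluate(src_ip, dst_ip, proto, port):
    """Return (decision, reason) for a single flow. Default deny."""
    # Quarantine is checked first so it overrides the ordinary allowlist,
    # including the historian's normally permitted Modbus polling.
    if dst_ip in QUARANTINE and src_ip not in QUARANTINE[dst_ip]:
        return "deny", f"{dst_ip} is quarantined; only {sorted(QUARANTINE[dst_ip])} may reach it"
    if zone_of(src_ip) == zone_of(dst_ip) and zone_of(src_ip) != "untrusted":
        return "allow", "intra-zone traffic is not filtered at the zone boundary"
    for r in POLICY:
        if _matches(r.src, src_ip) and _matches(r.dst, dst_ip) and r.proto == proto and r.port == port:
            return "allow", r.note
    return "deny", "no allowlist rule matches (default deny)"


def render_nft(policy, quarantine, table="ot_filter"):
    """Emit the same policy as nftables commands on a forward chain whose default is drop."""
    lines = [
        f"nft add table inet {table}",
        f"nft add chain inet {table} forward '{{ type filter hook forward priority 0; policy drop; }}'",
    ]
    for dst, allowed in quarantine.items():          # quarantine rules go first so they win
        for src in sorted(allowed):
            lines.append(f"nft add rule inet {table} forward ip saddr {src} ip daddr {dst} accept")
        lines.append(f"nft add rule inet {table} forward ip daddr {dst} drop")
    for r in policy:
        src = ZONES[r.src] if r.src in ZONES else r.src
        dst = ZONES[r.dst] if r.dst in ZONES else r.dst
        lines.append(f"nft add rule inet {table} forward ip saddr {src} ip daddr {dst} {r.proto} dport {r.port} accept")
    return lines


if __name__ == "__main__":
    for flow in [("10.10.0.40", "10.20.0.5", "tcp", 443), ("10.10.0.40", "10.30.0.21", "tcp", 502),
                 ("10.20.0.5", "10.30.0.20", "tcp", 502), ("203.0.113.9", "10.20.0.5", "tcp", 443)]:
        print(flow, "->", evaluate(*flow))
    print("\n".join(render_nft(POLICY, QUARANTINE)))
```

Two details carry the security point. The quarantine entry is evaluated before the allowlist, so the historian's normally permitted polling of the vulnerable controller is cut off until the maintenance window, which is exactly the temporary compensating control the text describes. And hosts inside the same zone are not filtered by the zone firewall, so a quarantine that must hold against neighbours on the control network needs enforcement at the switch or host as well, not only at the boundary.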

06
Remote Access Pathways

Grant remote access to your OT only when needed, for the shortest time possible, and with strong authentication. Eliminate "always-on" connections to reduce your exposure to external threats. Many businesses rely on vendors or remote employees for support, but every remote connection is a potential door into your network, so each one should be justified, time-limited, and removed when the work is done.

07
Continuous Monitoring

Extend basic monitoring to the production floor to detect unusual traffic or unauthorized access to machinery. Many firewall and antivirus solutions include logging features that can provide visibility. Regularly reviewing these logs helps you spot and respond to threats before they cause damage. Remember, you can't stop what you can't see!
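For items 06 and 07 together, the review that pays off is correlating the remote-access gateway's session records with the firewall's allow decisions: a vendor session with no change ticket, a session that never ends, or an IT host reaching a controller directly are all visible in logs most small shops already have. The Python below is an added example and not the campaign's own material; the log lines, the change-ticket window, the session limit, and the address ranges are constructed for illustration.

```python
"""Review constructed remote-access gateway and firewall logs for remote
sessions into OT that are not tied to an approved, time-boxed ticket (or
that never end), and for traffic reaching the control network from sources
that should not be talking to it.  Added example; all data is constructed.
"""
from datetime import datetime, timedelta, timezone

# Constructed approved maintenance windows, keyed by change ticket.
APPROVED_WINDOWS = {
    "CHG-4411": (datetime(2025, 3, 4, 8, 0, tzinfo=timezone.utc),
                 datetime(2025, 3, 4, 12, 0, tzinfo=timezone.utc)),
}
MAX_SESSION = timedelta(hours=4)                          # anything longer is treated as "always-on"
OT_CONTROL_PREFIX = "10.30.0."                            # constructed control-network range
ALLOWED_INTO_OT_CONTROL = {"10.20.0.5", "10.30.0.11"}     # historian, engineering workstation

# Constructed syslog-style records from a remote-access gateway ("ra-gw") and a firewall ("fw").
SAMPLE_LOG = """\
2025-03-04T09:02:11Z ra-gw session=start user=vendor.acme ticket=CHG-4411 src=198.51.100.7 dst=10.30.0.11
2025-03-04T10:22:30Z fw action=allow src=10.10.0.40 dst=10.30.0.20 dport=502 proto=tcp
2025-03-04T10:22:31Z fw action=allow src=10.20.0.5 dst=10.30.0.20 dport=502 proto=tcp
2025-03-04T11:40:05Z ra-gw session=end user=vendor.acme ticket=CHG-4411
2025-03-04T23:15:40Z ra-gw session=start user=vendor.acme ticket=none src=198.51.100.7 dst=10.30.0.11
2025-03-05T10:00:00Z fw action=deny src=10.10.0.40 dst=10.30.0.20 dport=502 proto=tcp
"""


def parse(line):
    """Split 'TIMESTAMP SOURCE key=value ...' into a dict with an aware datetime."""
    ts, source, *kv = line.split()
    rec = dict(pair.split("=", 1) for pair in kv)
    rec["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    rec["source"] = source
    return rec


def review(log_text, now):
    """Return a list of (finding, subject, detail) tuples worth a human's attention."""
    findings = []
    open_sessions = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        r = parse(line)
        if r["source"] == "ra-gw":
            key = (r["user"], r["ticket"])
            if r["session"] == "start":
                open_sessions[key] = r
                window = APPROVED_WINDOWS.get(r["ticket"])
                if window is None:
                    findings.append(("no_approved_ticket", r["user"], r["ts"].isoformat()))
                elif not (window[0] <= r["ts"] <= window[1]):
                    findings.append(("outside_window", r["user"], r["ts"].isoformat()))
            else:
                start = open_sessions.pop(key, None)
                if start and r["ts"] - start["ts"] > MAX_SESSION:
                    findings.append(("session_too_long", r["user"], str(r["ts"] - start["ts"])))
        elif r["source"] == "fw" and r["action"] == "allow":
            # Only allowed traffic matters here: a deny is the control working.
            if r["dst"].startswith(OT_CONTROL_PREFIX) and r["src"] not in ALLOWED_INTO_OT_CONTROL:
                findings.append(("unexpected_path_to_controller", r["src"], f'{r["dst"]}:{r["dport"]}'))
    # A session still open at review time with no end record is effectively always-on.
    for (user, ticket), start in open_sessions.items():
        if now - start["ts"] > MAX_SESSION:
            findings.append(("session_still_open", user, str(now - start["ts"])))
    return findings


def run_demo(now=datetime(2025, 3, 6, 0, 0, tzinfo=timezone.utc)):
    """Review the constructed log as of a fixed point in time."""
    return review(SAMPLE_LOG, now)


if __name__ == "__main__":
    for finding in run_demo():
        print(finding)
```

The firewall "allow" from 10.10.0.40 to the controller is the finding to chase first: it means an IT host had a working path into the control zone, which is a segmentation failure rather than a logging curiosity. The later "deny" from the same host shows the rule being corrected, and is not reported because a block is the control doing its job.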

08
System Resiliency

Build your systems to be resilient from the start by mandating secure, composable architecture. Design your industrial networks to fail safely. When upgrading control systems, prioritize resilience by grouping assets by physical location and sensitivity. A secure, modular approach ensures that critical machinery incorporates fault tolerance, physical redundancy, and localized manual overrides, meaning a cyber disruption to one component won't stop your entire production line.

09
Supply Chain Security

Knowing your suppliers is critical to mitigating vulnerabilities. This is accomplished through practices such as proactive procurement, lifecycle management, and supply chain illumination. Your company's security is connected to the security of your suppliers. It is crucial to understand the entirety of your organization's supply chain and to hold external suppliers to the same security standards as your own organization in order to maintain the overall level of security. Requiring vendors to engineer systems and system components to DoW standards ensures built-in security features before purchase. For legacy OT, programs need to set a hard schedule to replace undefendable hardware.

10
Review Processes

For businesses with physical operations, safety and security go hand-in-hand. Before making any significant changes to your systems, including security updates, it's crucial to have a formal review process. This engineers safety and mission assurance into all changes, ensuring that a security change doesn't accidentally create an unsafe condition for your employees or your operations.

Additional resources
DoW Zero Trust Strategy
Sets the Zero Trust strategy and implementation standards for the Department of Defense.

CISA Guide: Why OT Authentication is a Challenge
The Cybersecurity and Infrastructure Security Agency is the nation's lead agency for cyber defense, providing free tools and guidance.

NIST Cybersecurity Framework 2.0: Small Business Quick-Start Guide
Provides small-to-medium sized businesses (SMB), specifically those who have modest or no cybersecurity plans in place, with considerations to kick-start their cybersecurity risk management strategy by using the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) 2.0.

NIST: Guide to OT Security (SP 800-82)
The National Institute of Standards and Technology SP 800-82 is the federal government's foundational guide for securing Operational Technology (OT) and Industrial Control Systems (ICS), providing small businesses and defense partners with detailed, practical blueprints for protecting critical physical operations from cyber threats.

Foundations for OT Cybersecurity: Asset Inventory Guidance for Owners and Operators

DoW Control Systems/OT Security Requirements Guide (SRG)
The DoW's official guide outlining OT security requirements for partners.

NIST Operational Technology Security Resources

NSA CCC Attack Surface Management Tools
The National Security Agency's Collaboration Center works directly with industry partners to share threat intelligence and provide security tools.

CISA Cybersecurity Best Practices
The Cybersecurity and Infrastructure Security Agency is the nation's lead agency for cyber defense, providing free tools and guidance.

DC3 DCISE Cybersecurity Capability Support
The Defense Cyber Crime Center's DIB Collaborative Information Sharing Environment is a hub offering support to help defense partners build and maintain safe, secure cybersecurity capabilities and share threat information.

Project Spectrum (Cybersecurity Resources for DIB)
A DoW-supported initiative providing no-cost tools, training, and guidance to help small businesses improve their cybersecurity posture.

CISA Industrial Control Systems (ICS) Resources
The Cybersecurity and Infrastructure Security Agency is the nation's lead agency for cyber defense, providing free tools and guidance.

CISA All Resources & Tools
The Cybersecurity and Infrastructure Security Agency is the nation's lead agency for cyber defense, providing free tools and guidance.

NSA CCC Software Supply Chain Security Resources
The National Security Agency's Collaboration Center works directly with industry partners to share threat intelligence and provide security tools.

Cyber Workforce Rotation Program
For information on workforce partnership opportunities, check out the Department's Cyber Workforce Rotation Program.

Cyber Academic Engagement Office
Information on partnering with academia, including the National Centers of Academic Excellence in Cyber.

DoW Software Modernization Strategy
Information on the Department's approach to software.

DoW's Enterprise DevSecOps Fundamentals
Additional information on the Department's approach to DevSecOps.

DevSecOps Activities and Tools Guidebook
Additional information on the Department's approach to DevSecOps.
Disclosure

The information and best practices provided in this post are for educational and informational purposes only. Under no circumstances shall the Department of War be held liable for any loss, damage, or security incidents arising from the use of, or reliance upon, the information provided in this post. Implementing the suggestions outlined herein does not guarantee immunity from cyber threats, data breaches, or system compromises. Security practices must be tailored to the specific technical, operational, and regulatory requirements of your organization.