Secure OT connectivity: what New Zealand critical infrastructure operators should prioritise

New NCSC guidance sets out eight principles for secure operational technology (OT network) connectivity. In this insight, Nextro explores what NZ critical infrastructure operators should prioritise. 

Operational technology is no longer isolated from the rest of the enterprise. Building management systems, industrial control systems, security platforms, access control, video surveillance, HVAC, lifts, and smart building systems are increasingly connected to corporate networks, remote support teams, and cloud services. 

That connectivity brings clear operational benefits. It can support remote monitoring, predictive maintenance, faster response, centralised visibility, and better site performance. It also changes the risk profile. In OT, a cyber incident can affect safety, uptime, continuity, public trust, and the physical environment. 

New joint guidance published through New Zealand’s National Cyber Security Centre (NCSC) sets out eight principles for designing, securing, and managing OT connectivity. The principles are framed as desirable end states, rather than minimum requirements, but they provide a practical framework for organisations responsible for critical infrastructure, essential services, and cyber-physical systems. 

For Nextro, the guidance reinforces a core point: secure OT connectivity cannot be bolted on after deployment. It must be designed into the network, the security architecture, the supplier model, and the operational processes that keep the site running. 

Why OT connectivity needs a different risk conversation

OT environments have historically been built around safety, uptime, and operational continuity. Many include legacy systems with long lifecycles, limited update paths, and protocols that were never designed for today’s threat environment. 

The risk increases when remote access, vendor support, cloud connectivity, and third-party integrations are added without a clear business case, documented architecture, and agreed security controls. 

The key question is not simply whether a system can be connected. It is whether it should be connected, what business outcome the connection supports, what risk is acceptable, how the connection will be monitored, and how it can be isolated if required. 

NCSC’s eight secure connectivity principles in practical terms: 

1. Balance the risks and opportunities: Document why each OT connection exists, who owns the risk, what benefit it delivers, what dependencies it introduces and what the organisation will do if that connection is compromised or unavailable.

2. Limit the exposure of connectivity: Avoid direct internet exposure wherever possible. Use secure gateways, demilitarised zones, brokered access, and just-in-time connectivity to reduce the time and surface area exposed to attackers. 

3. Centralise and standardise network connections: Replace ad hoc vendor VPNs and bespoke access paths with repeatable, governed and monitored connectivity patterns.

4. Use standardised and secure protocols: Move towards secure protocol variants, apply validation at trust boundaries and treat insecure industrial protocols as exceptions that require compensating controls.

5. Harden the OT boundary: Use modern, maintainable boundary controls such as firewalls, strong authentication, least privilege, zero trust, removal of unused services, and clear third-party security requirements.

6. Limit the impact of compromise: Design the OT environment so one compromised device or account cannot move freely across the network. Segmentation, micro-segmentation, and separation of duties are critical.

7. Log and monitor all connectivity: Collect the right logs, monitor data flows, baseline normal activity and integrate high-risk alerts into security operations processes.

8. Establish an isolation plan: Plan and test how sites, services or third-party connections can be isolated while preserving safety and essential operations where possible.

What this means for New Zealand critical infrastructure

For operators of critical infrastructure, transport hubs, utilities, ports, airports, industrial sites, healthcare campuses, large commercial properties, and distributed facilities, OT connectivity needs to be treated as a whole-system security issue. 

Physical security, building systems and network infrastructure are now tightly connected. A camera, access control panel, intercom, building management controller or smart sensor is not just a field device. It can be a networked asset, a remote access pathway and part of the organisation’s broader cyber risk profile. 

This is why OT connectivity should involve IT, cybersecurity, physical security, facilities, procurement, and operational leaders. Secure design depends on shared visibility across systems, suppliers, data flows and risk owners. 

A practical OT connectivity checklist

  1. Create and maintain a definitive record of OT architecture, including assets, data flows, remote access paths and third-party dependencies. 
  2. Identify any internet-facing OT or building services assets, then remove or restrict exposure wherever possible. 
  3. Review obsolete devices and define compensating controls while planning sensible replacement timeframes. 
  4. Separate OT and building services networks from corporate networks using appropriate segmentation and boundary controls. Air gap if possible.  
  5. Centralise third-party access through a monitored and controlled gateway, rather than multiple direct access routes. 
  6. Apply phishing-resistant, multi-factor authentication, least privilege, and named user access for human-to-machine connectivity. 
  7. Log and monitor connectivity, including vendor access, break-glass activity, unusual data flows, and changes outside approved windows. 
  8. Test isolation procedures before they are needed in an incident. 

For an integrated, secure and resilient OT or Building Services Network that meets NCSC guidance, contact Nextro today to discuss your requirements. 

Read the full guidance here