The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have recommended that all Department of Defense (DoD), National Security Systems (NSS), Defense Industrial Base (DIB) and US critical infrastructure facilities take immediate action to secure their operational technology (OT) assets.
The advice comes in light of the growing use of internet-accessible OT assets to let organizations operate remotely, a trend accelerated by the COVID-19 pandemic. Remote access is an important means of accommodating a decentralized workforce and expanding the outsourcing of key skill areas.
However, it is making organizations more vulnerable to cyber-attacks, with the NSA and CISA noting that “legacy OT assets that were not designed to defend against malicious cyber-activities, combined with readily available information that identifies OT assets connected via the internet, are creating a ‘perfect storm.’”
The NSA and CISA stated they have recently observed OT assets being targeted by methods including spear-phishing and commodity ransomware.
To avoid damaging scenarios such as loss of availability on OT networks, especially at critical infrastructure facilities, the NSA and CISA recommend that a range of measures be taken:
- Have a resilience plan for OT
- Exercise your incident response plan
- Harden your network
- Create an accurate as-operated OT network map immediately
- Understand and evaluate cyber-risk on as-operated OT assets
- Implement a continuous and vigilant system monitoring program
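Two of the measures above, building an accurate as-operated OT network map and monitoring it continuously, can be started from passive network data rather than active scanning, which is safer on fragile OT equipment. The following is an added example, not code from the alert or from the NSA or CISA: it takes constructed flow records (source, destination, destination port), builds an inventory of OT-zone assets that serve an industrial protocol, records which network zone each client came from, and flags the assets reachable from IT or from outside the organization. The zone ranges, the sample flows and the port-to-protocol table are assumptions for the example; the well-known industrial ports listed are standard assignments, but a real deployment would populate all of these from its own environment.

```python
"""Build an as-operated OT network map from passive flow records and flag OT
assets that are reachable from outside the OT zone.

Constructed example: the zone ranges, sample flows and port table are
assumptions, not data from the NSA/CISA alert."""
import ipaddress
from collections import defaultdict

# Assumed zoning for the example: an OT enclave and an IT range; anything
# else is treated as external (internet-facing).
OT_ZONE = ipaddress.ip_network("10.10.0.0/16")
IT_ZONE = ipaddress.ip_network("10.20.0.0/16")

# Well-known industrial protocol ports used to recognise OT services.
OT_PORTS = {
    502: "modbus",
    102: "s7comm",
    20000: "dnp3",
    44818: "ethernet-ip",
    4840: "opc-ua",
}

# Constructed flow records (src_ip, dst_ip, dst_port), as a SPAN port or
# flow exporter would show them.
SAMPLE_FLOWS = [
    ("10.10.1.5", "10.10.2.10", 502),        # HMI -> PLC, inside OT
    ("10.10.1.5", "10.10.2.11", 44818),      # HMI -> PLC, inside OT
    ("10.20.3.7", "10.10.2.10", 502),        # IT host -> PLC (IT/OT crossing)
    ("203.0.113.44", "10.10.2.11", 44818),   # external -> PLC (internet-accessible)
    ("10.10.2.10", "10.10.1.5", 49152),      # reply to an ephemeral port, not a service
]


def zone_of(ip):
    """Classify an address into the example's three zones."""
    addr = ipaddress.ip_address(ip)
    if addr in OT_ZONE:
        return "ot"
    if addr in IT_ZONE:
        return "it"
    return "external"


def build_map(flows):
    """Return {asset_ip: {"protocols": set, "peer_zones": {zone: set(client_ips)}}}
    for every OT-zone address that serves a recognised industrial protocol."""
    assets = defaultdict(lambda: {"protocols": set(), "peer_zones": defaultdict(set)})
    for src, dst, port in flows:
        # Only flows towards an industrial service on an OT-zone host describe an asset.
        if port not in OT_PORTS or zone_of(dst) != "ot":
            continue
        entry = assets[dst]
        entry["protocols"].add(OT_PORTS[port])
        entry["peer_zones"][zone_of(src)].add(src)
    return assets


def exposed_assets(asset_map):
    """List OT assets with at least one client outside the OT zone.

    Each finding is (asset_ip, worst_zone, sorted client ips); assets reachable
    from external addresses come first, then those reachable from IT."""
    findings = []
    for ip, entry in asset_map.items():
        zones = entry["peer_zones"]
        if "external" in zones:
            findings.append((ip, "external", sorted(zones["external"])))
        elif "it" in zones:
            findings.append((ip, "it", sorted(zones["it"])))
    return sorted(findings, key=lambda f: (f[1] != "external", f[0]))


if __name__ == "__main__":
    asset_map = build_map(SAMPLE_FLOWS)
    for ip, entry in sorted(asset_map.items()):
        print(ip, sorted(entry["protocols"]), {z: sorted(p) for z, p in entry["peer_zones"].items()})
    for ip, zone, clients in exposed_assets(asset_map):
        print(f"EXPOSED {ip}: reachable from {zone} zone by {clients}")
```

Run on the constructed flows, the map shows two PLCs; one is flagged as reachable from an external address and the other from an IT host, which is the kind of finding the alert's call for an as-operated map is meant to surface. Feeding the same functions a rolling window of live flow records, and alerting when a new client zone appears for a known asset, is the minimal form of the continuous monitoring the list also asks for.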
Commenting on the statement, Marty Edwards, former director of ICS-CERT and VP of OT Security at Tenable, said: “Today’s joint alert from the NSA and CISA about malicious activity targeting operational technology (OT) and critical infrastructure should be taken very seriously. Don’t be fooled – this isn’t a warning about the possibility of attacks. This is a warning that attacks have occurred and are ongoing as we speak.
“OT is foundational to absolutely everything we do – from the energy we rely on, to the factories manufacturing medical devices, to the water we drink. The country runs on OT, and while our reliance on OT has only increased, so too has the convergence of IT and OT. Internet-accessible OT devices are significantly more exposed to outside threats than the near-extinct air-gapped systems of old.
“Organizations that utilize OT must remain vigilant and ensure they have complete, real-time visibility across their environments, including IT and OT assets and their associated vulnerabilities. From there, security teams need to prioritize risk-based mitigations such as vulnerability severity, exploitability and asset criticality.”