The Cybersecurity & Infrastructure Security Agency (CISA) and the National Security Agency (NSA) laid out a series of recommendations for critical infrastructure owners and operators to protect their operational technology (OT) assets.

In an alert published on July 23, CISA published an alert in which it recognized malicious actors’ growing willingness to target OT assets.

The government body attributed these ongoing attacks to the increasing number of OT devices connected to the internet. As it explained in its bulletin:

Legacy OT assets that were not designed to defend against malicious cyber activities, combined with readily available information that identifies OT assets connected via the internet (e.g., Shodan,[2] Kamerka [3]), are creating a “perfect storm” of 1) easy access to unsecured assets, 2) use of common, open-source information about devices, and 3) an extensive list of exploits deployable via common exploit frameworks [4] (e.g., Metasploit,[5] Core Impact,[6] and Immunity Canvas [7]).

In particular, CISA noted that malicious actors had taken to launching spearphishing attacks, deploying crypto-ransomware, modifying control logic and parameters on PLCs along with executing other techniques. Those and other tactics had resulted in the loss of productivity and revenue, reduced availability of assets on the OT network and/or disruption to an organization’s physical processes.

Acknowledging those threats, CISA and NSA recommended that owners and operators of OT implement several best security practices. These should include the following

  • Develop an OT resilience plan: Organizations need to have a resilience plan in the event that they suffer a security incident. This plan should involve creating a plan to ensure the continued operations of industrial control systems (ICSes) if certain assets go down in an attack. It should also include developing a data backup strategy (Read more...)