The US Defense Department and third-party military contractors are being advised to strengthen the security of their operational technology (OT) in the wake of security breaches, such as the SolarWinds supply chain attack.

The guidance comes from the NSA, which this week issued a cybersecurity advisory entitled “Stop Malicious Cyber Activity Against Connected Operational Technology.”

In its advisory, the NSA describes how organisations should evaluate the risks against OT – such as Industrial Control Systems (ICS), Supervisory Control and Data Acquisition (SCADA) and Distributed Control Systems (DCS) – and make changes to “realistically monitor and detect malicious activity.”

According to the NSA, if the pros and cons of connecting OT networks and control systems to traditional IT networks and the public internet are not properly reassessed, there is a danger that organisations will be placing themselves in “indefensible levels of risk.”

Just how serious are the risks if OT hardware such as valves and pressure sensors within industrial operations is impacted by a malicious hacker?

Well, the NSA doesn’t mince its words:

The risks could involve many aspects, including:

a. Loss of process control.

b. Failure of safety systems/equipment to operate as designed.

c. Loss of revenue from process interruptions or shutdowns.

d. Loss of human life should safety systems/equipment not operate appropriately.

And this is the reason why the authorities are calling on operators to acknowledge that standalone OT systems that are not connected to enterprise IT systems and the outside world are “safer from outside threats… no matter how secure the outside connections are thought to be.”

Of course, having such systems entirely unconnected on a permanent basis brings its own challenges, and so the NSA acknowledges that “an intermittently connected OT system can be a good compromise because it is only at risk (Read more...)