When an unfortunate event occurs, people are naturally curious about who was responsible for it. It can be interesting, and sometimes useful, to know who your adversary is and what their motives might be. But in cybersecurity, the primary focus ultimately remains on the preventive and detective measures that keep the same thing from happening again.

Let’s use a recent example to illustrate this point below.

State-Sponsored Attacks Against U.S. Infrastructure

In January 2022, a joint advisory from CISA, the FBI, and the NSA highlighted common Tactics, Techniques, and Procedures (TTPs) seen across a range of Russian state-sponsored campaigns. The advisory named three specific groups (APT29, APT28, and the Sandworm Team) and noted that these actors had exploited more than a dozen previously disclosed, already-known vulnerabilities to gain initial access. It also reviewed specific past attacks on operational technology (OT) in which those groups took part.

(CISA maintains a list of past activity it has attributed to Russia. You may also wish to subscribe to CISA alerts for further awareness of, and updates on, such campaigns.)

Putting These Attacks in Context

Although the advisory discussed above is specific to Russian threat actors, the lessons learned and the approaches to preparedness, detection, and prevention apply generally to a wide range of threats against both IT and OT environments. Tim Erlin, VP of Strategy at Tripwire, agrees.

“Organizations should also review their preventive controls against the tools and techniques described in this alert,” he noted. “Identifying the attack in progress is important. But preventing the attack from being successful at all is better.”

CISA Recommendations for Your IT and OT Cybersecurity Posture

Here’s an executive summary of those cybersecurity recommendations:

1. Apply the usual best practices

a. Use antivirus solutions properly by keeping signatures up-to-date and performing regular scans.

b. Use Multi-Factor Authentication (MFA) everywhere and for everyone. This means on OT