NSA, CISA Urge Critical Operators to Secure OT Assets


The U.S. National Security Agency and the Cybersecurity and Infrastructure Security Agency of the Department of Homeland Security issued a joint warning advising critical infrastructure operators to take immediate action to reduce the exposure of their operational technology (OT) systems to cyberattacks.

The NSA and CISA say it is important that critical infrastructure asset owners and operators protect industrial control systems (ICS) and other OT systems because of the high risk of cyberattacks initiated by international threat actors.

The agencies state that manufacturing systems are increasingly being opened to the Internet to enable remote operations and monitoring, wider outsourcing of key skill areas, and a global workforce.

Also increasing the risk of successful attacks is the use of legacy ICS that was not designed with security in mind, the availability of scanners such as Shodan and Kamerka, and the availability of exploitation tools.

“Because of enhanced adversarial capability and operation, criticality to U.S. national security and lifestyle, and vulnerability of OT systems, civilian infrastructure renders attractive targets for foreign powers attempting to damage U.S. interests or retaliate against perceived U.S. aggression. OT assets are vital to the Defense Department’s (DoD) mission and support important National Security Systems (NSS) and facilities, as well as the Industrial Defense Base (DIB) and other critical infrastructure,” reads the warning.

It continues, “At this time of heightened tensions, it is important that asset owners and vital infrastructure operators take the following immediate measures to ensure U.S. systems’ stability and protection should a crisis period arise in the near term.”

The alert warns organizations of the tactics, techniques, and procedures (TTPs) threat actors use, such as spearphishing, ransomware attacks, and connecting to programmable logic controllers (PLCs) that are exposed to the Internet and modifying their control logic and parameters. Through such activity, threat actors can cause loss of connectivity on the OT network, loss of productivity and revenue, partial loss of view for human operators, and disruption of physical processes.

In February, CISA announced that a ransomware attack resulted in a two-day operational shutdown of an entire pipeline network at a U.S. natural gas compression facility. The agency said the attack on the target’s OT network affected control and communication assets.

According to the NSA and CISA, there are six main mitigations that organizations need to concentrate on: creating an OT resilience plan, developing and exercising an incident response plan, hardening the OT network, creating an accurate and detailed map of the OT infrastructure, identifying and assessing cyber risk to OT assets, and implementing a continuous monitoring program to detect anomalies.
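As an added illustration of the last mitigation, applied to the PLC-tampering TTP the alert describes (example code written for this article, not part of the NSA/CISA advisory): a small detector that reads constructed Modbus/TCP connection log lines and flags write commands sent to a PLC from any host that is not an allowlisted engineering workstation on the OT segment. The log format, the OT address range, the allowlist and all sample addresses are assumptions.

```python
"""Flag PLC write commands from unexpected sources in constructed Modbus/TCP logs."""
import ipaddress
from dataclasses import dataclass

# Modbus function codes that change PLC state (coils, holding registers, file records).
# Read-only codes (1-4) are left out: they do not alter control logic or parameters.
WRITE_FUNCTION_CODES = {5, 6, 15, 16, 22, 23}

# Assumed baseline: only two engineering workstations on the OT segment may write.
ALLOWED_WRITERS = {ipaddress.ip_address("10.20.1.10"), ipaddress.ip_address("10.20.1.11")}
OT_NETWORK = ipaddress.ip_network("10.20.0.0/16")
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

@dataclass
class Alert:
    ts: str
    src: str
    dst: str
    func: int
    reason: str

def parse_line(line):
    # Assumed (constructed) log format: "<ts> <src_ip> -> <dst_ip> fc=<function_code>"
    ts, src, _, dst, fc = line.split()
    return ts, ipaddress.ip_address(src), ipaddress.ip_address(dst), int(fc.split("=")[1])

def find_anomalous_writes(lines):
    """Return one Alert per write command whose source violates the baseline."""
    alerts = []
    for line in lines:
        ts, src, dst, fc = parse_line(line)
        if fc not in WRITE_FUNCTION_CODES:
            continue                      # reads are normal polling traffic
        if not any(src in net for net in RFC1918):
            reason = "write from address outside RFC 1918 private space"
        elif src not in OT_NETWORK:
            reason = "write from outside OT network"
        elif src not in ALLOWED_WRITERS:
            reason = "write from non-allowlisted OT host"
        else:
            continue                      # allowlisted engineering workstation
        alerts.append(Alert(ts, str(src), str(dst), fc, reason))
    return alerts

# Constructed sample log lines (not real traffic; 192.0.2.0/24 is a documentation range).
SAMPLE_LOG = [
    "2020-07-23T10:01:00Z 10.20.1.10 -> 10.20.5.20 fc=16",  # engineering workstation, normal
    "2020-07-23T10:01:05Z 10.20.7.44 -> 10.20.5.20 fc=3",   # read from HMI, ignored
    "2020-07-23T10:02:10Z 10.20.7.44 -> 10.20.5.20 fc=6",   # HMI host unexpectedly writing
    "2020-07-23T10:03:30Z 192.0.2.77 -> 10.20.5.20 fc=5",   # source outside private space
    "2020-07-23T10:04:00Z 172.16.9.3 -> 10.20.5.20 fc=15",  # corporate IT segment writing
]

if __name__ == "__main__":
    for a in find_anomalous_writes(SAMPLE_LOG):
        print(f"{a.ts} {a.src} -> {a.dst} fc={a.func}: {a.reason}")
```

In a real deployment the same logic would run over exported flow or IDS records rather than a hard-coded list, and the allowlist would come from the asset inventory produced by the mapping mitigation.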

Mark Funk
Mark Funk is an experienced information security specialist who works with enterprises to mature and improve their enterprise security programs. Previously, he worked as a security news reporter.