NSA and CISA Advice for Critical Infrastructure Operators

In an advisory, the National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) explained to critical infrastructure operators how to protect their operational technology (OT) and industrial control system (ICS) assets from cyberattacks.

The new joint advisory warns critical infrastructure operators to know what bad actors are capable of, and cites recent cyberattacks on Ukraine’s energy grid and against a fuel distribution pipeline.

Russia’s invasion of Ukraine has heightened fears that the cyberattacks against Ukraine could extend to Western critical infrastructure targets. The Cybersecurity and Infrastructure Security Agency warned earlier this year that attackers have been building customized tools that would give them control of ICS and SCADA devices from major manufacturers.

Cyber criminals, criminal groups, and state-sponsored actors all have the same goal – to exploit operational technology and industrial control systems for their own purposes.

When terrorism attacks occur, there’s a lot that can happen before the most dire consequences.

Too many times, system owners fail to protect their systems from the dangers of cyberattacks. They don’t know what to look for, so they are unaware of the threats that may be coming from the people they work with, said Michael Dransfield, NSA Control Systems Defense Expert.

We are exposing the malicious actors’ playbook so that we can better defend our systems.

“We’re exposing the malicious actors’ playbook so that we can harden our systems and prevent their next attempt.”

Designs for OT/ICS devices, which include vulnerable IT components, are being made public.

NSA and CISA caution that malicious actors present increased risks to ICS networks. Top among these risks are readily available tools that can exploit both IT and OT systems.

New ICS devices that work with internet-connected devices, which are more vulnerable to viruses, increase their attack surface.

The attackers target specific organizations and make detailed plans to invade the OT/ICS. These plans focus on picking a target, gathering intelligence, developing tools and techniques to manipulate the system, gaining initial access, and using these tools in-target.

When making decisions about their services, operators should be aware that there are risks and “assume their system is being targeted rather than that it could be.” The NSA offers simple strategies for these kinds of choices.

Operators should create an inventory of remote access points and secure them, restricting scripts and tools to legitimate users and tasks. They should also conduct regular security audits and implement a dynamic network environment.

Administrators of OT/ICS environments should not make regular, unimportant changes to their networks. A few changes, like disconnecting unnecessary services and changing the number of ports on a device, can disrupt an attack by a malicious actor.

The NSA released an advisory about threats to OT and ICS systems this year, but their advisories are aimed at the US government. The most recent advisory from NSA and CISA includes suggestions for preventing those risks across all organizations in OT and ICS sectors.

The US Government has issued multiple warnings about cyberattacks. In March, they warned against possible Russian cyberattacks that could target critical infrastructure. National cybersecurity agencies also issued a warning in April. More recently, the NSA warned that attacks on IT systems may have devastating effects.
