NSA: Connecting OT to the net can lead to “indefensible levels of risk”

The US Defense Department and third-party military contractors are being advised to strengthen the security of their operational technology (OT) in the wake of security breaches, such as the SolarWinds supply chain attack.

The guidance comes from the NSA, which this week has issued a cybersecurity advisory entitled “Stop Malicious Cyber Activity Against Connected Operational Technology”

In its advisory, the NSA describes how organisations should evaluate the risks against OT – such as Industrial Control Systems (ICS), Supervisory Control and Data Acquisition (SCADA) and Distributed Control Systems (DCS) – and make changes to “realistically monitor and detect malicious activity.”

According to the NSA, if the pros and cons of connecting OT networks and control systems to traditional IT networks and the public internet are not properly reassessed, there is a danger that organisations will be placing themselves in “indefensible levels of risk.”

Just how serious are the risks if OT hardware such as valves and pressure sensors within industrial operations are impacted by a malicious hacker?

Well, the NSA doesn’t mince its words:

The risks could involve many aspects, including:

a. Loss of process control.

b. Failure of safety systems/equipment to operate as designed.

c. Loss of revenue from process interruptions or shutdowns. d. Loss of human life should safety systems/equipment not operate appropriately.

And this is the reason why the authorities are calling on operators to acknowledge that standalone OT systems that are not connected to enterprise IT systems and the outside world are “safer from outside threats… no matter how secure the outside connections are thought to be.”

Of course, having such systems entirely unconnected on a permanent basis brings its own challenges, and so the NSA acknowledges that “an intermittently connected OT system can be a good compromise because it is only at risk when it is connected, which should only be done when required, such as for downloading updates or during times when remote access is required for a finite period of time.”

The NSA is right in pointing out that every time an isolated OT system and IT systems connect there is a rise in the risk level, due to the increased attack surface. So careful judgment calls need to be made about what the most important IT-OT connections are, and to ensure that they are hardened as much as possible to fend off potential attacks.

Where IT-OT connectivity is deemed essential, the NSA recommends organisations ensure that all connections are fully managed, and that all access attempts are authenticated, actively monitored, and logged.

Properly understanding the risks associated with connecting critical IT and OT systems and putting measures in place to protect them, should lead to an improved cybersecurity posture… and reduce the chance that a potentially highly-damaging or deadly attack will succeed.

More details on what steps OT administrators should take to protect their systems can be found in the NSA’s advisory.

Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc