NSA Reveals

Two of the US government’s top security agencies have released a detailed new report outlining the steps owners of operational technology (OT) and industrial control systems (ICS) can take to secure critical infrastructure.
These assets are increasingly a target for APT groups keen to achieve political and economic advantage. Many attacks are designed for data theft or reconnaissance, but occasionally threat actors aim for something more destructive.
The NSA and Cybersecurity and Infrastructure Security Agency (CISA) are hoping that the mitigations outlined in their report, “Control System Defense: Know the Opponent,” will help OT managers prevent malicious actors from achieving their aims.
“Traditional ICS assets are difficult to secure due to their design for maximum availability and safety, coupled with their use of decades-old systems that often lack any recent security updates,” the report explained.
“Newer ICS assets may be able to be configured more securely, but often have an increased attack surface due to incorporating Internet or IT network connectivity to facilitate remote control and operations. The net effect of the convergence of IT and OT platforms has increased the risk of cyber-exploitation of control systems.”
The report lists five key mitigations:
- Limit exposure of system information in public forums to disrupt the early intelligence-gathering phase of the cyber kill chain
- Identify and secure remote access points to reduce the attack surface
- Limit access to network and control system application tools and scripts to legitimate users performing legitimate tasks on the control system
- Conduct regular independent security audits, especially of third-party vendor access points and systems
- Implement a dynamic network environment to limit the opportunities for intelligence-gathering, long-term access and bespoke tool development that static networks afford
“Owners and operators of these systems need to fully understand the threats coming from state-sponsored actors and cyber-criminals to best defend against them,” said Michael Dransfield, NSA control systems defense expert.
“We’re exposing the malicious actors’ playbook so that we can harden our systems and prevent their next attempt.”