The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have released an advisory explaining how to thwart cyberattacks on Operational Technology (OT) and Industrial Control System (ICS) assets.
The new joint advisory outlines what critical infrastructure operators should know about their adversaries, citing recent cyberattacks on Ukraine’s power grid and a ransomware attack against a fuel distribution pipeline.
There are growing concerns that Russia’s invasion of Ukraine and the related cyberattacks against Ukraine could spread to Western critical infrastructure targets. CISA warned earlier this year that attackers may have dedicated tools designed to control ICS and SCADA devices from major manufacturers.
The NSA and CISA document “Control System Defense: Know the Opponent” explains that advanced persistent threat (APT) groups, both criminal and state-sponsored, target OT/ICS for political gain, economic advantage, or destructive effect.
The most severe consequences of these attacks include loss of life, destruction of property, and collapse of vital national functions, but a great deal of disruption and chaos can occur well before those extreme scenarios.
“The owners and operators of these systems must fully understand the threats coming from state-sponsored actors and cybercriminals to better defend against them,” Michael Dransfield, an NSA control systems defense expert, said.
“We disclose evidence to malicious actors so we can strengthen our systems and prevent their next attempt.”
As the agencies note, design details of OT/ICS devices that include vulnerable IT components are publicly available.
“In addition, there are many readily available tools to exploit IT and OT systems. As a result of these factors, malicious cyber actors present an increased risk to ICS networks,” the NSA and CISA note in the advisory.
They also warn that newer ICS devices include an Internet or network connection for remote control and operations, which increases their attack surface.
The advisory lays out an attacker’s “game plan” for OT/ICS intrusions in detail: how an attacker selects a target, gathers intelligence, develops tools and techniques to navigate and manipulate systems, gains initial access, and deploys those tools and techniques against critical infrastructure targets.
When evaluating mitigations, the NSA wants operators to weigh the risks more carefully when deciding, for example, what information about their systems should be publicly available. It also wants operators to assume their systems are being targeted rather than assuming they are not. It offers a short list of simple mitigation strategies for operators who might otherwise suffer from “choice paralysis” or become confused by the range of security solutions available.
These strategies include limiting public disclosure of system hardware, firmware, and software information, as well as information emitted by the system itself. Operators should create and secure an inventory of remote access points, restrict scripts and tools to legitimate users and tasks, perform regular security audits, and implement a dynamic rather than static network environment.
On the latter point, the agencies noted: “While it may be unrealistic for administrators of many OT/ICS environments to make regular, non-critical changes, owner/operators should periodically consider making manageable network changes. A simple change may be time-consuming, but it can disable access previously obtained by a malicious actor.”
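To make the “inventory of remote access points” and “regular security audits” recommendations concrete, here is an added example (not code from the advisory or the agencies) that reconciles an operator’s authorized remote-access inventory against observed inbound sessions. Everything in it is constructed: the inventory entries, the IP addresses, and the one-line-per-session log format are assumptions for illustration, not any vendor’s format. The audit reports sessions to endpoints the inventory does not know about, which is exactly the undocumented access the advisory asks operators to hunt for, and it also lists inventory entries that saw no use, which are the candidates for removal on the next review.

```python
"""Reconcile an authorized remote-access inventory against observed inbound sessions.

Added illustration, not code from the NSA/CISA advisory. The inventory and the
log lines are constructed sample data; the log layout
'<timestamp> <src_ip> -> <dst_ip>:<port> <proto>' is an assumed simple format.
"""
from dataclasses import dataclass
import re


@dataclass(frozen=True)
class AccessPoint:
    host: str    # asset that exposes the remote-access service
    port: int
    proto: str   # e.g. "ssh", "rdp", "vpn", "vnc"
    owner: str   # team accountable for the entry (consulted when an entry looks stale)


# Constructed inventory: the set of remote-access points the operator believes exists.
AUTHORIZED = {
    AccessPoint("10.20.0.5", 22, "ssh", "ot-admins"),
    AccessPoint("10.20.0.7", 3389, "rdp", "vendor-support"),
    AccessPoint("10.20.0.9", 443, "vpn", "ot-admins"),
}

# Constructed sample of inbound session records in the assumed format.
SAMPLE_LOG = """\
2022-09-22T10:01:12Z 203.0.113.8 -> 10.20.0.5:22 ssh
2022-09-22T10:04:55Z 198.51.100.4 -> 10.20.0.7:3389 rdp
2022-09-22T10:09:30Z 203.0.113.8 -> 10.20.0.12:5900 vnc
2022-09-22T10:15:02Z 198.51.100.9 -> 10.20.0.5:22 ssh
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+->\s+(?P<dst>[^:\s]+):(?P<port>\d+)\s+(?P<proto>\S+)$"
)


def parse_sessions(text):
    """Parse log text into (timestamp, src, dst, port, proto) tuples.

    Malformed lines are skipped rather than aborting the audit, so a single
    bad record cannot hide the rest of the evidence.
    """
    sessions = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        sessions.append((m["ts"], m["src"], m["dst"], int(m["port"]), m["proto"].lower()))
    return sessions


def reconcile(sessions, authorized):
    """Split sessions into documented and undocumented endpoints and list stale entries.

    Returns (documented, undocumented, stale): documented/undocumented are lists of
    (timestamp, src, (dst, port, proto)); stale is the inventory entries with no
    observed use in the window, sorted by host and port for a stable review list.
    """
    index = {(ap.host, ap.port, ap.proto): ap for ap in authorized}
    documented, undocumented, seen = [], [], set()
    for ts, src, dst, port, proto in sessions:
        key = (dst, port, proto)
        if key in index:
            documented.append((ts, src, key))
            seen.add(key)
        else:
            undocumented.append((ts, src, key))
    stale = sorted((ap for key, ap in index.items() if key not in seen),
                   key=lambda ap: (ap.host, ap.port))
    return documented, undocumented, stale


def audit(log_text=SAMPLE_LOG, authorized=AUTHORIZED):
    """Run the reconciliation and return a summary dict suitable for a review ticket."""
    documented, undocumented, stale = reconcile(parse_sessions(log_text), authorized)
    return {
        "documented_sessions": len(documented),
        "undocumented_endpoints": sorted({key for _, _, key in undocumented}),
        "stale_inventory": [f"{ap.host}:{ap.port}/{ap.proto} ({ap.owner})" for ap in stale],
    }


if __name__ == "__main__":
    for k, v in audit().items():
        print(f"{k}: {v}")
```

On the constructed data the audit flags `10.20.0.12:5900/vnc` as an endpoint nobody documented, and reports the VPN entry on `10.20.0.9` as unused during the window. The first finding is what an undocumented remote-access path looks like in practice; the second is the input to the “manageable network change” the agencies describe, since an unused entry is both a candidate for removal and a check that the inventory still reflects reality.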
The advisory builds on two recent publications. Earlier this year the NSA issued an advisory on stopping malicious attacks on OT, but it was aimed at the US government and defense sector. The NSA and CISA have now issued this advisory to reduce exposure across all OT and ICS systems.
The US government has issued multiple warnings about cyberattacks on critical infrastructure. In March, US President Joe Biden warned of possible cyberattacks from Russia and emphasized that most critical infrastructure is managed by the private sector. In April, national cybersecurity agencies warned of attacks on critical infrastructure. More recently, the NSA warned that exploitation of OT-connected IT systems can “act as a hub for the disruptive effects of operational technology.”