Powering Strong Communities

NSA, CISA urge critical infrastructure owners and operators to secure OT assets

The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) recently issued an alert in which they said it is critical that asset owners and operators of critical infrastructure take immediate steps to secure their operational technology (OT) assets.

The NSA and CISA said that over recent months, cyber actors have demonstrated their continued willingness to conduct malicious cyber activity against critical infrastructure (CI) by exploiting internet-accessible operational technology OT assets.

“Due to the increase in adversary capabilities and activity, the criticality to U.S. national security and way of life, and the vulnerability of OT systems, civilian infrastructure makes attractive targets for foreign powers attempting to do harm to U.S. interests or retaliate for perceived U.S. aggression,” the July 23 alert noted.

OT assets are critical to the Department of Defense mission and underpin essential National Security Systems and services, as well as the Defense Industrial Base and other critical infrastructure, the alert said.

The agencies said that at this time of heightened tensions, it is critical that asset owners and operators of critical infrastructure take immediate steps to ensure resilience and safety of U.S. systems “should a time of crisis emerge in the near term.”

The NSA and CISA are recommending that all Department of Defense, National Security Systems, Defense Industrial Base and U.S. critical infrastructure facilities take immediate actions to secure their OT assets.

The alert notes that internet-accessible OT assets are becoming more prevalent across the 16 U.S. critical infrastructure sectors “as companies increase remote operations and monitoring, accommodate a decentralized workforce, and expand outsourcing of key skill areas such as instrumentation and control, OT asset management/maintenance, and in some cases, process operations and maintenance.”

The alert details recently observed tactics, techniques, and procedures, as well as impacts.

It also outlines the following mitigation strategies:

  • Have a Resilience Plan for OT
  • Exercise your Incident Response Plan
  • Harden Your Network
  • Create an Accurate “As-operated” OT Network Map Immediately
  • Understand and Evaluate Cyber-risk on “As-operated” OT Assets
  • Implement a Continuous and Vigilant System Monitoring Program

Additional details are available here.