NSA Issues Alert For Critical Infrastructure Operators


Operators of critical infrastructure are being warned to harden their networks against cyber threats to their operational technology (OT)

Both the National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have issued an alert about the cyber threat to critical infrastructure.

They warned that critical businesses using Operational Technology (OT) and control system assets across the variety of sectors need to take “immediate actions to reduce exposure”.

Last month researchers at Cybereason warned that cyber-criminals are shifting tactics against critical infrastructure in favour of multi-stage ransomware attacks that include stealing sensitive data, in order to maximise damage and profits.

Operational Technology

The NSA and CISA this week recommended that all critical infrastructure facilities take immediate actions to secure their OT assets.

“Over recent months, cyber actors have demonstrated their continued willingness to conduct malicious cyber activity against critical infrastructure (CI) by exploiting internet-accessible operational technology (OT) assets,” they stated.

And they cautioned that state sponsored hackers are getting increasingly sophisticated.

“Due to the increase in adversary capabilities and activity, the criticality to US national security and way of life, and the vulnerability of OT systems, civilian infrastructure makes attractive targets for foreign powers attempting to do harm to US interests or retaliate for perceived US aggression,” the alert stated.

“At this time of heightened tensions, it is critical that asset owners and operators of critical infrastructure take the following immediate steps to ensure resilience and safety of US systems should a time of crisis emerge in the near term,” it added.

They warned of a “perfect storm” of threats are now being faced by operators of OT kit.

Threats include spearphishing and ransomware attacks, and operators are being urged to have a resilience plan for OT; exercise their incident response plan; harden their network; map their network; evaluate cyber risks; and finally implement a continuous and vigilant system monitoring program.

Ongoing attacks

At least one security expert warned that attacks against operators of critical infrastructure are ongoing as we speak.

“Today’s joint alert from the NSA and CISA about malicious activity targeting operational technology (OT) and critical infrastructure should be taken very seriously,” said Marty Edwards, former Director of ICS-CERT and VP of OT Security at Tenable.

“Don’t be fooled – this isn’t a warning about the possibility of attacks,” said Edwards. “This is a warning that attacks have occurred and are ongoing as we speak.”

“OT is foundational to absolutely everything we do – from the energy we rely on, to the factories manufacturing medical devices, to the water we drink,” said Edwards. “The country runs on OT. And while our reliance on OT has only increased, so too has the convergence of IT and OT. Internet-accessible OT devices are significantly more exposed to outside threats than the near-extinct air-gapped systems of old.”

“Organisations that utilise OT must remain vigilant and ensure they have complete, real-time visibility across their environments, including IT and OT assets and their associated vulnerabilities,” Edwards concluded. “From there, security teams need to prioritize risk-based mitigations such as vulnerability severity, exploitability and asset criticality.”

Do you know all about security? Try our quiz!