NSA, CISA Warn of Threats to US Critical Infrastructure
Remote Access by Decentralized Workforce Creates Risks
The U.S. National Security Agency and the Cybersecurity and Infrastructure Security Agency have issued a joint warning that hackers are increasingly targeting OT and critical infrastructure.
The alert also warns of a "perfect storm" of vulnerabilities that hackers are looking to exploit. This includes remote access to critical operational technology systems by a decentralized workforce. The agencies also note that older OT systems are not designed to defend against modern attacks.
"Internet-accessible OT assets are becoming more prevalent across the 16 U.S. critical infrastructure sectors as companies increase remote operations and monitoring, accommodate a decentralized workforce, and expand outsourcing of key skill areas such as instrumentation and control, OT asset management/maintenance and, in some cases, process operations and maintenance," according to the alert issued Thursday.
The alert does not cite any specific recent threats. But it notes that hackers, including nation-state actors, are increasingly changing their tactics to target OT systems and critical infrastructure. This includes increasing use of spear-phishing emails to gain a foothold within vulnerable networks, deploying ransomware, connecting to programmable logic controllers using remote access protocols and taking advantage of software flaws.
"Due to the increase in adversary capabilities and activity, the criticality to U.S. national security and way of life and the vulnerability of OT systems, civilian infrastructure makes attractive targets for foreign powers attempting to do harm to U.S. interests or retaliate for perceived U.S. aggression," the two agencies warn.
In February, CISA reported that a ransomware attack crippled a U.S. natural gas facility for two days (see: Ransomware Attack Hit US Natural Gas Facility).
The new alert notes a recent attempt to hack a critical water facility in Israel that was stopped by the country's National Cyber Directorate.
Concern for DOD
One of the main concerns for both agencies is that vulnerable OT systems are used extensively throughout the U.S. Defense Department as well as by private firms that supply technology and other resources to DOD.
"Operational technology assets are pervasive and underpin many essential national security functions, as well as the defense industrial base," notes Anne Neuberger, director of NSA's Cybersecurity Directorate.
NSA and CISA encouraged federal agencies and private firms that have extensive OT infrastructures to take steps to protect these assets, such as:
- Create a resiliency plan for OT systems: This includes disconnecting certain OT assets from the internet and creating a manual process to restart industrial control systems in case of an attack.
- Draft an incident response plan: This includes conducting tabletop exercises to anticipate new techniques that hackers might use. The alert also encourages private businesses and government agencies to work with entities such as CISA to review cybersecurity plans.
- Harden networks: The alert encourages federal agencies and private firms to prevent certain access to OT networks. It also advises organizations to use tools such as the Shodan search engine to scan for internet-accessible OT devices and apply patches if needed.