Federal Agencies Warn that Foreign Hackers Are Targeting Critical Infrastructure

A joint alert from the National Security Agency and the Department of Homeland Security offers detailed cybersecurity recommendations for critical infrastructure operators


The National Security Agency and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) recently issued a joint alert warning that foreign hackers are targeting critical infrastructure, including water/wastewater systems.

The agencies recommended that critical infrastructure operators take immediate action to secure their systems.

“Due to the increase in adversary capabilities and activity, the criticality to U.S. national security and way of life, and the vulnerability of operational technology systems, civilian infrastructure makes attractive targets for foreign powers attempting to do harm to U.S. interests or retaliate for perceived U.S. aggression,” the joint alert reads.

The agencies recommend that utilities and other organizations plan for a scenario in which the control system is not merely malfunctioning or inoperative, but is actively acting contrary to the safe and reliable operation of the process. In case of such an event, the joint alert says you should have a resilience plan that allows your utility to:

· Immediately disconnect systems from the Internet that do not need Internet connectivity for safe and reliable operations, ensuring that compensating controls are in place where connectivity cannot be removed.

· Plan for continued manual process operations should the control system become unavailable or need to be deactivated due to hostile takeover.

· Remove additional functionality that could induce risk and attack surface area.

· Identify system and operational dependencies.

· Restore operational technology devices and services in a timely manner. Assign roles and responsibilities for the operational technology network and device restoration.

· Back up “gold copy” resources, such as firmware, software, ladder logic, service contracts, product licenses, product keys and configuration information. Verify that all “gold copy” resources are stored off-network and store at least one copy in a locked tamperproof environment like a locked safe.

· Test and validate data backups and processes in the event of data loss due to malicious cyber activity.

In the alert, the agencies also go over some recently observed tactics and techniques from adversaries; the impacts of those cyberattacks; how to exercise your incident response plan; how to harden your network; how to create an accurate and detailed operational technology infrastructure map; how to evaluate cyber-risk; and how to implement a vigilant system monitoring program.

For more details, download the alert as a PDF file here.


