When working to protect our OT systems, it’s important to hear what the big players have to say. In these matters, both NSA and CISA have plenty to share with cybersecurity experts.
The cybersecurity landscape changes quickly, and keeping up with the latest practices and technologies needed to protect our OT systems effectively can be demanding. That’s why knowing the experts’ standards and suggestions comes in handy.
In the following lines, we will address recommendations from the NSA and CISA experts to keep our OT systems well-protected.
Understanding the Threats
Everything begins with understanding which threats menace our infrastructures and networks today. Only by knowing the types of attacks that could produce a negative outcome for our businesses can we really make decisions in the right direction.
So, when it comes to OT, what are the threats that demand our attention?
- Spear phishing: This is probably the most used technique in the cybercriminal’s toolkit. Spear phishing attacks are based on social engineering, using emails or other communication channels to contact and deceive individuals with privileged access to sensitive information and secured systems.
- Commodity ransomware: This refers to more sophisticated, large-scale ransomware campaigns that aim to penetrate private networks, block access to data, and demand a ransom under the threat of destroying or publishing that data.
- Connection to PLCs: This refers to poor cybersecurity practices that leave PLCs publicly reachable by malicious actors.
- Vulnerable ports and protocols: It refers to the outdated nature of many OT ports and protocols, many of which are being used today but were built decades ago when cybersecurity wasn’t a pressing priority.
- Modifying PLCs: This refers to the threat of an adversary altering PLCs, more specifically their control logic and parameters.
These threats to OT can impact organizations and their systems in different ways per NSA and CISA experts:
- Loss of availability on the OT network.
- Partial loss of view for human operators.
- Resulting in the loss of productivity and revenue.
- Adversary manipulation of control and disruption to physical processes.
Plan for Disaster
The NSA and CISA experts recommend, based on experience, that we be pessimistic. In our cybersecurity planning we should assume the worst possible scenario. That is not a malfunctioning OT system but one actively operating contrary to reliable processes. Or even worse: one controlled at will by a malicious party.
OT resilience plans must include immediate disconnection protocols, instructions for continued manual processes, swift restoration of OT devices and services, backups of essential and nonessential resources, and comprehensive testing of every single operation.
Exercise the Response Plan
Despite how good our plans may appear, we need to exercise them in order to make sure that our organization would actually respond effectively if required.
Ideally, businesses should conduct tabletop exercises that include executive roles, PR, legal teams, IT, OT, and other relevant departments. These exercises should walk through the key decision points and make clear who has the authority to make specific decisions under multiple circumstances and scenarios.
Make It Difficult and Be Informed
Of course, among the NSA and CISA recommendations, we couldn’t skip the good practices in cybersecurity. Here’s a round-up:
- External exposure of the OT network must be audited and then reduced as much as possible.
- Remove access from networks that lack a legitimate business reason for it.
- Have, maintain, monitor, and study a validated inventory of OT devices, keeping them secured with standard practices.
- Disable or modify unnecessary features and services connected to the OT network.
- Create an accurate “as-operated” OT network map with detailed asset inventory and investigate potential vulnerabilities in it, such as unauthorized OT communications.
- Define the specific risks associated with existing OT elements (devices, systems, vendor software, services) using the information captured in the “as-operated” OT network map.
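The last three items describe one workflow: keep a validated asset inventory, record which communications the “as-operated” map permits, then compare what is actually seen on the wire against it. The script below is an added example written for this post; it is not code from NSA, CISA, or Julie Security. It assumes a small constructed inventory (asset names, IPs, zones, and permitted inbound peers), an assumed internal address range of 10.10.0.0/16, a few constructed flow records in the form a collector might export (source, destination, destination port), and a hypothetical table of well-known OT protocol ports (Modbus/TCP 502, S7comm 102, DNP3 20000, EtherNet/IP 44818). It flags external exposure, hosts missing from the inventory, and OT communications that the map does not authorize.

```python
"""Added example: reconcile observed flows with an "as-operated" OT map.

Not code from the NSA/CISA guidance or from Julie Security; the inventory,
address range, flows and port table below are constructed for illustration.
"""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

# Assumption: the organisation's OT/IT address space. Anything outside these
# ranges is treated as external exposure.
INTERNAL_RANGES = [ip_network("10.10.0.0/16")]

# Hypothetical table of legacy OT protocol ports used only to label findings.
OT_PROTOCOL_PORTS = {102: "S7comm", 502: "Modbus/TCP", 20000: "DNP3", 44818: "EtherNet/IP"}


@dataclass
class Asset:
    """One entry of the validated OT inventory."""
    name: str
    ip: str
    zone: str
    # (peer_ip, dst_port) pairs the as-operated map permits to reach this asset.
    allowed_inbound: set = field(default_factory=set)


# Constructed inventory: two PLCs, one HMI, one engineering workstation.
INVENTORY = {
    "10.10.1.10": Asset("plc-line1", "10.10.1.10", "ot",
                        {("10.10.2.20", 502), ("10.10.2.50", 502)}),
    "10.10.1.11": Asset("plc-line2", "10.10.1.11", "ot", {("10.10.2.20", 502)}),
    "10.10.2.20": Asset("hmi-1", "10.10.2.20", "ot"),
    "10.10.2.50": Asset("eng-ws-1", "10.10.2.50", "ot-dmz"),
}

# Constructed flow records: (src_ip, dst_ip, dst_port).
FLOWS = [
    ("10.10.2.20", "10.10.1.10", 502),   # HMI polling plc-line1: permitted by the map
    ("10.10.2.50", "10.10.1.11", 502),   # workstation to plc-line2: not in the map
    ("10.10.9.99", "10.10.1.10", 502),   # internal host nobody inventoried
    ("203.0.113.7", "10.10.1.11", 502),  # address outside INTERNAL_RANGES reaching a PLC
    ("10.10.2.20", "10.10.2.50", 22),    # non-OT protocol between assets, not in the map
]


def is_external(ip: str) -> bool:
    """True when the address lies outside every internal range."""
    addr = ip_address(ip)
    return not any(addr in net for net in INTERNAL_RANGES)


def classify_flow(inventory: dict, src: str, dst: str, port: int):
    """Return a finding string for a flow that deviates from the map, else None."""
    target = inventory.get(dst)
    if target is None:
        return None  # destination is not an OT asset we track
    proto = OT_PROTOCOL_PORTS.get(port, f"tcp/{port}")
    if is_external(src):
        return f"EXTERNAL_EXPOSURE: {src} reached {target.name} on {proto}"
    if src not in inventory:
        return f"INVENTORY_GAP: unknown host {src} spoke {proto} to {target.name}"
    if (src, port) not in target.allowed_inbound:
        return (f"UNAUTHORIZED_COMM: {inventory[src].name} -> {target.name} "
                f"on {proto} is not in the as-operated map")
    return None


def audit_flows(inventory: dict, flows: list) -> list:
    """Run every flow through classify_flow and keep only the findings."""
    return [f for f in (classify_flow(inventory, *flow) for flow in flows) if f]


if __name__ == "__main__":
    for finding in audit_flows(INVENTORY, FLOWS):
        print(finding)
```

Each finding maps to one of the bullets above: EXTERNAL_EXPOSURE is the exposure to reduce, INVENTORY_GAP shows the inventory is not yet complete, and UNAUTHORIZED_COMM is an OT communication the as-operated map never approved and therefore a risk to define and investigate. In practice the inventory and flows would come from the asset database and a flow collector rather than being embedded in the script.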
Organizations must stay vigilant no matter what. At NSA and CISA, they are advocates of continuous vigilance and monitoring and we, at Julie Security, certainly agree on this.
Set up the technologies needed to guarantee reliable monitoring. A solid way to achieve this is by implementing trusted solutions such as Julie Security that keep OT systems secured.