The National Security Administration (NSA) and Cybersecurity and Infrastructure Security Agency (CISA) are warning that there are active, known threats to industrial control systems (ICS) and operational technology (OT) that critical infrastructure sectors should be aware of.
In particular, the report, “Control Systems Defense: Know the Opponent,” warns about the rise in attacks against utilities and industrial targets from advanced persistent threat (APT) groups and gathers insights into the tactics, techniques, and procedures (TTPs) of common threats to ICS and OT systems to help security teams shore up their defenses. For instance, APTs have recently begin developing tools specifically for scanning, compromising, and controlling targeted OT devices, according to the feds.
“State-sponsored APT actors target critical infrastructure for political and/or military objectives, such as destabilizing political or economic landscapes or causing psychological or social impacts on a population,” according to the alert, issued Sept. 22. “The cyber-actor selects the target and intended effect — to disrupt, disable, deny, deceive, and/or destroy — based on these objectives.”
Awareness of this growing threat is key. “Owners and operators of these systems need to fully understand the threats coming from state-sponsored actors and cybercriminals to best defend against them,” Michael Dransfield, NSA control systems defense expert, said about the new cybersecurity advisory. “We’re exposing the malicious actors’ playbook so that we can harden our systems and prevent their next attempt.”