The National Security Administration (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) warn that there are active, known threats to industrial control systems (ICS) and operational technology (OT) that critical infrastructure sectors should be aware of.
In particular, the report, “Control Systems Defense: Know the Opponent,” warns of the rise in attacks against utility and industrial targets by advanced persistent threat (APT) groups and gathers insights into tactics, techniques and procedures (TTPs). common threats to ICS and OT systems to help security teams strengthen their defenses. For example, APTs have recently begun developing tools specifically for scanning, compromising and controlling targeted OT devices, according to the feds.
“State-sponsored APT actors target critical infrastructure for political and/or military objectives, such as destabilizing political or economic landscapes or causing psychological or social impacts on a population,” according to the warning, issued on September 22. “The cyber actor selects the target and the intended effect — to disrupt, disable, deny, deceive and/or destroy — based on those goals.”
Awareness of this growing threat is key. “Owners and operators of these systems need to fully understand the threats posed by state-sponsored actors and cybercriminals in order to best defend against them,” Michael Dransfield, the NSA’s control systems defense expert, said of the new cybersecurity advisory. “We expose the playbook of malicious actors so we can harden our systems and prevent their next attempt.”