In a collaborative effort to address persistent cyberthreats, the Cybersecurity and Infrastructure Security Agency (CISA) and several federal agencies have issued a joint fact sheet.
Teaming up with organizations like the Federal Bureau of Investigation (FBI), National Security Agency (NSA) and others, CISA is sharing important information about malicious cyber activity orchestrated by pro-Russia hacktivists targeting operational technology (OT) systems across North America and Europe. Owners and operators of OT systems, especially OT systems in critical infrastructure sectors, can take the following steps to safeguard against these threats:
Understand the Threat
Hacktivists are breaking into internet-exposed OT systems such as human-machine interfaces (HMIs). Rather than relying on sophisticated exploits, they capitalize on default passwords, weak credentials and outdated remote access software to gain unauthorized access.
While the impact has largely been nuisance-related so far, these malicious actors have demonstrated the capability to manipulate OT systems in ways that pose physical risks. For instance, they can alter settings to push equipment like pumps and blowers to their maximum capacity, potentially causing damage or disruptions.
In early 2024, several water utilities experienced unauthorized access to their HMIs. This led to disruptions, including equipment functioning outside typical parameters, alarms being disabled, and operators losing access to crucial controls.
Building Secure OT Systems
The joint fact sheet also emphasizes the importance of building more secure OT products. OT device manufacturers are urged to eliminate default passwords and implement multifactor authentication to enhance security.
Mitigating the Risk
Properly securing OT systems is paramount to protecting operations from escalating threats. To address the risks outlined in the fact sheet, owners and operators of OT systems for critical infrastructure can implement the following recommendations:
- Establish a secure demilitarized zone (DMZ). Create barriers between the internet, corporate networks and OT networks so that HMIs and other OT assets are never directly reachable from the internet, and remote access passes only through controlled, authenticated paths.
- Conduct asset inventory and network mapping. Understand the hardware, software and network topology of your OT environment. Identify mission-critical systems and points of ingress/egress.
- Assess vulnerabilities. Identify vulnerabilities and prioritize them by exposure (is the asset internet-reachable?) and by the consequence of compromise. Determine whether immediate action is required or whether the risk can be addressed during routine maintenance.
- Monitor and detect. Establish monitoring and detection mechanisms to gain operational visibility and situational awareness within OT environments, including logins to HMIs from unexpected sources, setpoint changes that push equipment outside its engineered operating range, and alarms being disabled.
- Develop incident response plans. Create and test incident response plans, along with business continuity and disaster recovery plans, to effectively respond to cyber incidents.
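As an added illustration of the monitor-and-detect step (this is example code written for this summary, not part of the CISA fact sheet or any vendor's product), the script below triages a constructed HMI audit log for the three behaviours described above: logins from outside the trusted OT and DMZ networks, setpoint changes beyond an engineered operating band, and alarms being disabled. The key=value log format, the tag names, the operating bands and the trusted network ranges are all assumptions chosen for illustration and must be adapted to the actual HMI product and site.

```python
"""Triage an HMI audit log for the hacktivist tradecraft described in the text.

Added example, not from the CISA fact sheet. The log format, tag names,
operating bands and trusted networks are assumptions for illustration.
"""
import ipaddress
import re
from collections import Counter
from dataclasses import dataclass

# Assumed: networks from which HMI logins are legitimate (the OT segment and
# the jump hosts in the DMZ). A login from anywhere else means the DMZ and
# firewall boundary is not isolating the HMI from the internet.
TRUSTED_NETWORKS = [
    ipaddress.ip_network("10.20.0.0/16"),
    ipaddress.ip_network("10.30.5.0/24"),
]

# Assumed engineered operating bands (min, max) per tag. A setpoint outside the
# band is what "pumps and blowers pushed to maximum capacity" looks like in a log.
OPERATING_BANDS = {
    "PUMP_01.SPEED_PCT": (20, 80),
    "BLOWER_02.SPEED_PCT": (30, 75),
}

# Constructed sample lines in a simple key=value format (assumed, not a real
# product's log format). The first four lines model an intrusion from the
# internet; the rest are normal operator activity plus a failed external login.
SAMPLE_LOG = """\
2024-01-18T03:12:44Z src=203.0.113.45 user=admin event=login result=success
2024-01-18T03:13:02Z src=203.0.113.45 user=admin event=setpoint tag=PUMP_01.SPEED_PCT value=100
2024-01-18T03:13:10Z src=203.0.113.45 user=admin event=alarm tag=TANK_01.HIGH_LEVEL state=disabled
2024-01-18T03:13:30Z src=203.0.113.45 user=admin event=setpoint tag=BLOWER_02.SPEED_PCT value=100
2024-01-18T07:58:12Z src=10.20.4.17 user=operator1 event=login result=success
2024-01-18T08:01:00Z src=10.20.4.17 user=operator1 event=setpoint tag=PUMP_01.SPEED_PCT value=60
2024-01-18T08:02:15Z src=198.51.100.9 user=admin event=login result=failure
"""

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<kv>.*)$")


@dataclass
class Finding:
    timestamp: str
    category: str  # untrusted_login | out_of_band_setpoint | alarm_disabled
    detail: str


def parse_line(line):
    """Parse one 'timestamp key=value ...' line into a dict, or None if malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fields = {}
    for kv in m.group("kv").split():
        if "=" in kv:
            key, value = kv.split("=", 1)
            fields[key] = value
    fields["ts"] = m.group("ts")
    return fields


def is_trusted(src, networks=TRUSTED_NETWORKS):
    """True if src is an IP inside one of the trusted OT/DMZ networks."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # unparsable source is treated as untrusted
    return any(addr in net for net in networks)


def analyze(log_text, networks=TRUSTED_NETWORKS, bands=OPERATING_BANDS):
    """Return a list of Findings for the suspicious behaviours in log_text."""
    findings = []
    for raw in log_text.splitlines():
        ev = parse_line(raw)
        if not ev or "event" not in ev:
            continue
        src, event = ev.get("src", ""), ev["event"]
        # Any login attempt (successful or not) from outside the trusted
        # networks shows the HMI is reachable from where it should not be.
        if event == "login" and not is_trusted(src, networks):
            findings.append(Finding(ev["ts"], "untrusted_login",
                                    f"{ev.get('result')} login by {ev.get('user')} from {src}"))
        # Setpoint pushed outside the engineered band for that tag.
        elif event == "setpoint" and ev.get("tag") in bands:
            lo, hi = bands[ev["tag"]]
            try:
                value = float(ev.get("value", ""))
            except ValueError:
                continue
            if not lo <= value <= hi:
                findings.append(Finding(ev["ts"], "out_of_band_setpoint",
                                        f"{ev['tag']}={value} outside [{lo}, {hi}] by {ev.get('user')} from {src}"))
        # Alarm suppression is a precursor to unnoticed physical impact.
        elif event == "alarm" and ev.get("state") == "disabled":
            findings.append(Finding(ev["ts"], "alarm_disabled",
                                    f"{ev.get('tag')} disabled by {ev.get('user')} from {src}"))
    return findings


def summarize(findings):
    """Count findings per category, e.g. for an alert or a shift report."""
    return dict(Counter(f.category for f in findings))


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f.timestamp, f.category, f.detail)
    print(summarize(analyze(SAMPLE_LOG)))
```

Run against the constructed log, the script reports two untrusted logins (one successful, one failed), two out-of-band setpoint changes and one disabled alarm, all from the same external address within a minute of each other; that clustering is what an operator should be paged on. The rules are deliberately simple so they can be ported to whatever SIEM or log pipeline the site already has, with the bands and trusted networks taken from the asset inventory and network map built in the earlier steps.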
The joint fact sheet issued by CISA and collaborating federal agencies underscores the need for proactive measures against cyberthreats targeting OT systems. With the practices above in place, organizations are far better positioned to keep hacktivists off their HMIs and to detect and contain them quickly if they do get in.
Critical infrastructure organizations often lack the staff and tooling to protect their operations around the clock. Managed threat services can help reduce the risk of service disruptions, data theft and infrastructure damage.