"NSA, CISA: How Cyber Actors Compromise OT/ICS and How to Defend Against It"

The National Security Agency (NSA) and the US Homeland Security Department's Cybersecurity and Infrastructure Security Agency (CISA) released a Cybersecurity Advisory highlighting the common steps malicious actors have taken to compromise Operational Technology (OT)/Industrial Control System (ICS) assets and providing recommendations on how to defend against them. The advisory titled "Control System Defense: Know the Opponent" brings further attention to the growing threats to OT and ICS assets operating, controlling, and monitoring critical infrastructure and industrial processes. OT/ICS designs are available, as are many tools for exploiting IT and OT systems. In recent years, cyber actors, including Advanced Persistent Threat (APT) groups, have targeted OT/ICS systems to gain political and economic advantages, as well as cause destruction. They have recently developed tools for scanning, compromising, and controlling specific OT devices. The joint Cybersecurity Advisory expands on previous NSA and CISA guidance to prevent malicious ICS activity and reduce OT risk. Noting that traditional approaches to OT/ICS security do not adequately address threats to these systems, the NSA and CISA explore the tactics, techniques, and procedures used by cyber actors so that owners and operators can prioritize OT/ICS hardening actions. This article continues to discuss the joint Cybersecurity Advisory on how malicious cyber actors compromise OT/ICS assets and how to defend against them. 

NSA reports "NSA, CISA: How Cyber Actors Compromise OT/ICS and How to Defend Against It"