"CISA, NSA Provide OT, ICS Defense Strategies to Critical Infrastructure"

According to a joint cybersecurity advisory issued by the National Security Agency (NSA) and the US Homeland Security Department's Cybersecurity and Infrastructure Security Agency (CISA), Operational Technology (OT) and Industrial Control System (ICS) security do not adequately address today's threats. The advisory emphasized that OT/ICS devices and designs are publicly accessible, often include weak IT components, and include external connections and remote access that increase their attack surfaces. In addition, a wide range of tools that can be used against OT and IT systems is easily accessible. These elements combined make ICS networks more vulnerable to malicious cyber actors.

To help OT and ICS owners and operators better defend their assets, CISA released the advisory, building on prior CISA and NSA guidance, to provide information on the tactics, techniques, and procedures (TTPs) used by threat actors. The advisory says the attack surface for OT and ICS security has increased due to the use of decades-old technology and the rising popularity of OT and IT convergence. There has been an increase in organizations using cyber-physical systems, which integrate IT components into OT devices and infrastructure. While this integration can improve effectiveness and efficiency, it may also expose businesses to more security risks. To reduce the exposure of sensitive data, ICS and OT owners and operators must make calculated security decisions.

CISA and the NSA highlighted the importance of maintaining cyber awareness and ensuring the security of OT and ICS assets even though traditional IT-based cyberattacks are a more common threat. The agencies advise organizations to implement a few simple strategies to mitigate realistic threats. For example, organizations should focus on limiting the exposure of system information and, whenever possible, avoid disclosing information about system hardware, firmware, or software. Organizations should only share data that is required to comply with applicable legal requirements, such as those mandated by vendors. Owners and operators should also identify and secure remote access points, limit access to control system and network application tools and scripts, and perform regular security audits. Finally, the advisory suggested that organizations implement a dynamic network environment by making manageable network changes, such as modifying IP address pools or upgrading operating systems regularly.

This article continues to discuss the joint cybersecurity advisory issued by CISA and NSA to critical infrastructure entities.

HealthITSecurity reports "CISA, NSA Provide OT, ICS Defense Strategies to Critical Infrastructure"
