Officials from the National Security Agency and Cybersecurity Security Infrastructure Agency (CISA) are cautioning owners of critical infrastructure operational technology (OT) and control systems assets to be aware of current threats, prioritize assessment of their cybersecurity defenses and take appropriate action to secure their systems and infrastructure
Cyber criminals have demonstrated their willingness to conduct cyber-attacks against critical infrastructure by exploiting internet-accessible operational technology assets. Due to the increase in adversary capabilities and activities, the criticality of damage to U.S. national security and economic prosperity is at higher risk. The vulnerability of OT systems and civilian infrastructure make attractive targets for foreign powers attempting to harm US interests or retaliate for perceived US transgressions, CISA said.
To call attention to this serious threat, the National Security Agency and CISA released a joint advisory.
“Operational technology assets are pervasive and underpin many essential national security functions, as well as the Defense Industrial Base,” Anne Neuberger, Director of NSA's Cybersecurity Directorate noted. “We encourage all stakeholders to apply our joint recommendations with DHS CISA.”
“As we’ve said many times, our adversaries are capable, imaginative and aim to disrupt essential services, so it is important that we make sure we are staying ahead of them." Bryan Ware, Assistant Director for Cybersecurity, CISA. “Our goal at CISA is to lead and encourage a proactive ‘whole community’ assessment and response to significant threats and ensure we provide the right tools and services at the right time.”
NSA and CISA continue to collaborate on cybersecurity issues and share information about how to best secure National Security Systems, Department of Defense systems, and the Defense Industrial Base as well as other critical infrastructure, against foreign threats, ultimately keeping America and our allies safe, CISA said.
For more detailed information, please review the joint advisory, which includes recently observed tactics, techniques, and procedures, as well as related recommendations.