Hi All,
The NSA just published Stop Malicious Cyber Activity Against Connected Operational Technology
Executive summary
A significant shift in how operational technologies (OT) are viewed, evaluated, and secured within the U.S. is needed to
prevent malicious cyber actors (MCA) from executing successful, and potentially damaging cyber effects. As OT
components continue being connected to information technology (IT), IT exploitation increasingly can serve as a pivot to
OT destructive effects.
Recent adversarial exploitation of IT management software and its supply chain has resulted
in publicly documented impacts across the U.S. Government (USG) and the Defense Industrial Base (DIB). Malicious
cyber activities directed at OT also continue to threaten these networks
.
This paradigm shift applies to the stagnant OT assets and control systems installed and used throughout the USG and
DIB, many of which are past end-of-life and operated without sufficient resources. To evaluate and improve the
cybersecurity of connected OT and control systems, NSA recommends that National Security System (NSS), Department
of Defense (DoD), and DIB network owners perform a detailed risk analysis prior to creating cross-domain connections
(e.g., IT-to-OT, Internet-to-OT) and for all currently connected OT.
Following the steps below will enable OT owners and administrators to evaluate risks against their systems and use that
knowledge to guide network changes with current resources to realistically monitor and detect malicious activity. Without
direct action to harden OT networks and control systems against vulnerabilities introduced through IT and business
network intrusions, OT system owners and operators will remain at indefensible levels of risk.
------------------------------
Michael Roza CPA, CISA, CIA, MBA, Exec MBA
------------------------------