The Inner Circle

NSA Stop Malicious Cyber Activity Against Connected Operational Technology

  • 1.  NSA Stop Malicious Cyber Activity Against Connected Operational Technology

    Posted 7 days ago
      |   view attached
    Hi All,

    The NSA just published Stop Malicious Cyber Activity Against Connected Operational Technology

    Executive summary
    A significant shift in how operational technologies (OT) are viewed, evaluated, and secured within the U.S. is needed to
    prevent malicious cyber actors (MCA) from executing successful, and potentially damaging cyber effects. As OT
    components continue being connected to information technology (IT), IT exploitation increasingly can serve as a pivot to
    OT destructive effects.

    Recent adversarial exploitation of IT management software and its supply chain has resulted
    in publicly documented impacts across the U.S. Government (USG) and the Defense Industrial Base (DIB). Malicious
    cyber activities directed at OT also continue to threaten these networks
    This paradigm shift applies to the stagnant OT assets and control systems installed and used throughout the USG and
    DIB, many of which are past end-of-life and operated without sufficient resources. To evaluate and improve the
    cybersecurity of connected OT and control systems, NSA recommends that National Security System (NSS), Department
    of Defense (DoD), and DIB network owners perform a detailed risk analysis prior to creating cross-domain connections
    (e.g., IT-to-OT, Internet-to-OT) and for all currently connected OT.

    Following the steps below will enable OT owners and administrators to evaluate risks against their systems and use that
    knowledge to guide network changes with current resources to realistically monitor and detect malicious activity. Without
    direct action to harden OT networks and control systems against vulnerabilities introduced through IT and business
    network intrusions, OT system owners and operators will remain at indefensible levels of risk.

    Michael Roza CPA, CISA, CIA, MBA, Exec MBA