NSA Reveals "Hackers' Playbook" for OT Attacks

Written by

Two of the US government’s top security agencies have released a detailed new report outlining the steps owners of operational technology (OT) and industrial control systems (ICS) can take to secure critical infrastructure.

These assets are increasingly a target for APT groups keen to achieve political and economic advantage. Many attacks are designed for data theft or reconnaissance, but occasionally threat actors aim for something more destructive.

The NSA and Cybersecurity and Infrastructure Security Agency (CISA) are hoping that the mitigations outlined in their report, Control System Defense: Know the Opponent, will help OT managers prevent malicious actors from achieving their aims.

“Traditional ICS assets are difficult to secure due to their design for maximum availability and safety, coupled with their use of decades-old systems that often lack any recent security updates,” the report explained.

“Newer ICS assets may be able to be configured more securely, but often have an increased attack surface due to incorporating Internet or IT network connectivity to facilitate remote control and operations. The net effect of the convergence of IT and OT platforms has increased the risk of cyber-exploitation of control systems.”

The report lists five key mitigations:

  • Limit exposure of system information in public forums to disrupt the early intelligence-gathering phase of the cyber kill chain
  • Identify and secure remote access points to reduce the attack surface
  • Limit access to network and control system application tools and scripts to legitimate users performing legitimate tasks on the control system
  • Conduct regular independent security audits, especially of third-party vendor access points and systems
  • Implement a dynamic network environment to limit the opportunities for intelligence-gathering, long-term access and bespoke tool development that static networks afford

“Owners and operators of these systems need to fully understand the threats coming from state-sponsored actors and cyber-criminals to best defend against them,” said Michael Dransfield, NSA control systems defense expert.

“We’re exposing the malicious actors’ playbook so that we can harden our systems and prevent their next attempt.”

What’s hot on Infosecurity Magazine?