Earlier this month the Cybersecurity and Infrastructure Security Agency (“CISA”), the U.S. federal agency under the Department of Homeland Security (“DHS”) whose mission is to protect the nation’s critical infrastructure from physical and cyber threats, issued a fact sheet titled “Primary Mitigations for Reducing Cyber Threats to Operational Technology.” The CISA fact sheet, which was jointly issued with the Federal Bureau of Investigation, the Environmental Protection Agency, and the Department of Energy, warned of cyber incidents intentionally targeting operational technology (“OT”) and industrial control systems—such as those used to control pipelines, compressors, pump stations, and storage terminals.
The fact sheet urges infrastructure entities to take action to improve their cybersecurity posture and offers a number of ways to mitigate the existing threats:
- Remove OT connections to the public internet
- Sophisticated bad actors can find and exploit public-facing assets
- Change default passwords immediately and use strong, unique passwords
- Default passwords are often available on the internet or easily guessable
- Secure any remote access to OT networks
- If remote access is necessary, upgrade to a private network connection using a VPN and multifactor authentication
- Apply the principle of least privilege to each specific OT asset
- Limit access to users who need access to each specific asset and limit each user’s rights to their specific scope of work
- Segment IT and OT networks
- This will reduce the impact of a successful cyberattack
- Practice and maintain the ability to operate OT systems manually
- Prepare for a cyber incident by gaming out reverting to manual controls to restore operations in the event of a cyberattack.
CISA also recommends that organizations that use third parties as a part of their OT infrastructure communicate with those third parties regularly on the above topics.
The CISA fact sheet links to a number of detailed resources to assist organizations with achieving the above.
