On July 23, the U.S. government issued a cybersecurity alert to operators of critical infrastructure, including electric utilities, outlining “immediate actions” that they should take during what it defines as a “time of heightened tensions” in order to avoid being compromised by a cyberattack.
The alert, “NSA and CISA Recommend Immediate Actions to Reduce Exposure Across Operational Technologies and Control Systems,” is unusual because it was issued by two government agencies—the National Security Agency (NSA) and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA).
According to the alert, “Over recent months, cyber actors have demonstrated their continued willingness to conduct malicious cyber activity against critical infrastructure (CI) by exploiting internet-accessible operational technology (OT) assets. Due to the increase in adversary capabilities and activity, the criticality to U.S. national security and way of life, and the vulnerability of OT systems, civilian infrastructure makes attractive targets for foreign powers attempting to do harm to U.S. interests or retaliate for perceived U.S. aggression.”
The alert added that, at this time of heightened tensions, it is critical that asset owners and operators of critical infrastructure take certain immediate steps to ensure resilience and safety of U.S. systems, should a time of crisis emerge in the near term. The NSA and CISA specifically recommended that “all DoD, NSS, DIB, and U.S. critical infrastructure facilities take immediate actions to secure their OT assets.”
The alert identified six specific mitigation efforts that these organizations should take:
- Have a resilience plan for OT
- Exercise your incident response plan
- Harden your network
- Create an accurate “as-operated” OT network map immediately
- Understand and evaluate cyber-risk on “as-operated” OT assets
- Implement a continuous and vigilant system monitoring program