To help prevent attacks on critical infrastructure, the US authorities CISA and NSA outline typical attack paths and describe protective measures.
The Cybersecurity & Infrastructure Agency (CISA) and the National Security Agency (NSA) want to help prevent attacks on industrial control systems (ICS) and operational technology (OT) with essential security tips.
ICS and OT in critical infrastructure are particularly worth protecting, since successful attacks there can cause great damage to society. In their report “Control System Defense: Know the Opponent” they explain that such attacks take place again and again, and that attackers, often politically motivated, use them to gain political and economic advantages.
According to CISA and NSA, traditional approaches to securing ICS/OT are not adequate for current threats. In particular, it is often not possible to close security gaps because ICS/OT still run on outdated systems for which patches are no longer available. Because of their complex structures, a system upgrade is often not possible either.
Secure systems more effectively
To help admins do better, the authorities explain common attack scenarios and derive protective measures from them. Attackers often employ social engineering tactics to gain access to systems through inside information. However, they often break into company networks beforehand in order to obtain data on the ICS/OT structure.
Admins should take care to keep information about the infrastructure of control systems secret and not leave it unencrypted on a server. It is also important to know which points can be reached via remote connections. These connections should be cut or, if they are urgently needed, secured via an encrypted VPN connection.
It is also essential to seal off access to certain network areas and make them accessible only to certain employees. Removing unnecessary scripts and tools from systems also helps, because it reduces the attack surface. In addition, admins should regularly carry out security checks (audits) to check systems for vulnerabilities. The report contains further important information and security tips for admins.
The United States’ foreign intelligence service, the NSA, has a dubious reputation when it comes to IT security, but the agency has repeatedly published IT security tips in the past:
- Recommendations: The NSA wants us to work safely from home
- Recommendations: The NSA recommends UEFI and Secure Boot
- NSA advocates strong encryption on the web and gives tips
- Admins can use this guide from the NSA to protect IP telephony
- US authorities CISA and NSA update catalog for Kubernetes protection
- NSA gives security tips against supply chain attacks