CISA Warns Of “Unsophisticated” Attacks Targeting Industrial Systems
CISA put out an alert that caught my eye yesterday:
CISA continues to respond to active exploitation of internet-accessible operational technology (OT) and industrial control systems (ICS) devices, including those in the Water and Wastewater Systems (WWS) Sector. Exposed and vulnerable OT/ICS systems may allow cyber threat actors to use default credentials, conduct brute force attacks, or use other unsophisticated methods to access these devices and cause harm.
CISA urges OT/ICS operators in critical infrastructure sectors to apply the recommendations listed in Defending OT Operations Against Ongoing Pro-Russia Hacktivist Activity to defend against this activity. To learn more about secure by design principles and practices, visit CISA’s Secure by Design webpage. For more information and guidance on protection against the most common and impactful threats, tactics, techniques, and procedures, visit CISA’s Cross-Sector Cybersecurity Performance Goals.
The word “Unsophisticated” is what caught my eye. That’s because this warning comes after the Arkansas City water treatment facility cyberattack:
The City of Arkansas City revealed that its water treatment facility had been breached on September 22. The city notified relevant authorities and moved the water plant to manual control to ensure safe operations.
Evan Dornbush, former NSA cybersecurity expert, had this comment:
“CISA’s guidance of recommended practices may be ideal for defenders who are well staffed or are perhaps building out new networks.
“In terms of overall practicality, changing default passwords and patching and moving HMI devices behind firewalls or hardened VNC can be laborious.
“Keeping with defense in depth philosophy, it may be more efficient for established OT/ICS operators to add a network detection capability to their existing infrastructure. Using modern advancements in computation, the market is full of quality options for those looking to glean intelligence from their network data.
“Subscribing to a cyber threat intelligence platform is another low-friction avenue. Those purport to increase awareness of known exploited vulnerabilities (KEV) which can help steer defenders towards highest priority infrastructure.”
I truly hope that organizations take these warnings seriously. There’s enough evidence out there that should suggest that not doing so will end badly for all concerned.
This entry was posted on September 28, 2024 at 8:15 am and is filed under Commentary with tags CISA.