Security News > 2020 > July > NSA, CISA Urge Critical Infrastructure Operators to Secure OT Assets
The U.S. National Security Agency and the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency have issued a joint alert urging critical infrastructure operators to take immediate measures to reduce the exposure of operational technology systems to cyberattacks.
The NSA and CISA say it's imperative that critical infrastructure asset owners and operators secure industrial control systems and other OT systems due to the high risk of cyberattacks launched by foreign threat actors.
"Due to the increase in adversary capabilities and activity, the criticality to U.S. national security and way of life, and the vulnerability of OT systems, civilian infrastructure makes attractive targets for foreign powers attempting to do harm to U.S. interests or retaliate for perceived U.S. aggression. OT assets are critical to the Department of Defense mission and underpin essential National Security Systems and services, as well as the Defense Industrial Base and other critical infrastructure," the alert reads.
It continues, "At this time of heightened tensions, it is critical that asset owners and operators of critical infrastructure take the following immediate steps to ensure resilience and safety of U.S. systems should a time of crisis emerge in the near term."
According to the NSA and CISA, there are six main mitigations that organizations need to focus on: creating an OT resilience plan, creating and exercising an incident response plan, hardening the OT network, creating an accurate and detailed map of OT infrastructure, understanding and evaluating cyber risk, and implementing a continuous monitoring program for detecting anomalies.
News URL
Related news
- CISA warns of critical Palo Alto Networks bug exploited in attacks (source)
- CISA Alerts to Active Exploitation of Critical Palo Alto Networks Vulnerability (source)
- FBI, CISA, and NSA reveal most exploited vulnerabilities of 2023 (source)
- CISA Urges Agencies to Patch Critical "Array Networks" Flaw Amid Active Attacks (source)
- CISA, FBI Issue Guidance for Securing Communications Infrastructure (source)
- New IOCONTROL malware used in critical infrastructure attacks (source)
- CISA confirms critical Cleo bug exploitation in ransomware attacks (source)
- Iran-linked crew used custom 'cyberweapon' in US critical infrastructure attacks (source)
- CISA Adds Critical Flaw in BeyondTrust Software to Exploited Vulnerabilities List (source)