Expert Advise On NSA/CISA Alert on Foreign Hackers

The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have issued a joint advisory recommending Immediate Actions to Reduce Exposure Across all Operational Technologies and Control Systems.  The advisory warns of foreign cyber threat actors potentially targeting US critical infrastructure and provides “immediate steps to ensure resilience and safety of US systems should a time of crisis emerge in the near term.” It notes that “Legacy OT assets that were not designed to defend against malicious cyber activities, combined with readily available information that identifies OT assets connected via the Internet (e.g., Shodan1 [2], Kamerka [3]), are creating a “perfect storm” of 1) easy access to unsecured assets, 2) use of common, open-source information about devices, and 3) an extensive list of exploits deployable via common exploit frameworks…”


EXPERTS COMMENTS
Bill Swearingen, Cyber Strategist,  IronNet
July 27, 2020
What needs to be taken from this for anyone with OT is a concept of assumed breach.
This was a very thorough briefing, yet didn’t include any indicators of compromise which peaks my interest, but also outlines that this is a more wide-scale and trending problem rather than a specific threat. Attacks on OT systems aren’t something we want to mess around with because it could mean things like dams and electric systems going down, and all attackers need to do is use Shodan (a se ....
[Read More >>]
Evan Dornbush, CEO and Founder,  Point3 Security
July 27, 2020
The Advisory goes further still, offering a robust set of recommendations for executing a response strategy.
If the NSA is coming out of the shadows to speak up in a joint alert with CISA, you want to listen and take action. What is most helpful is that the advisory (https://media.defense.gov/2020/Jul/23/2002462846/-1/-1/1/OT_ADVISORY-DUAL-OFFICIAL-20200722.PDF) shares a list of tools attackers are using to identify targets. Seeing what the attacker sees allows your cybersecurity team to prioritize your ....
[Read More >>]
Nilesh Dherange, CTO,  Gurucul
July 27, 2020
Have resiliency, business continuity, and response plans in place and exercise them.
The most recent NSA and CISA alerts are directed at Government assets, but they are valid warnings for any organization that has internet-facing systems. They offer solid advice that applies to any size of operation and reiterates recommendations the Information Security community has been giving for years. In a nutshell: Have resiliency, business continuity, and response plans in place and exer ....
[Read More >>]

If you are an expert on this topic:

Submit Your Expert Comments


In this article