by Ryan Ozawa
Beyond IT: CISA puts spotlight on operational technology
The ability of hackers to disrupt daily life is no longer hypothetical.
Cyberattacks have shut down fuel pipelines. Food processors. They can shut down airports and take down the national power grid. And just this week, hackers weaponized a popular network administration tool to efficiently propagate ransomware onto the systems of over 1,000 companies in at least 17 countries, taking out railway systems, grocery stores, and gas stations.
The private sector has only just begun to grapple with cyberthreats, and criminals—potentially backed by nation-state actors—have already escalated the fight by attacking critical infrastructure.
CISA lays out the facts
“Given the importance of critical infrastructure to national security and America’s way of life, accessible [operational technology] assets are an attractive target for malicious cyber actors seeking to disrupt critical infrastructure for profit or to further other objectives,” the agency explains. “Critical infrastructure asset owners and operators should adopt a heightened state of awareness and voluntarily implement the recommendations listed in this document.”
But everyone, CISA notes, must play a part.
“All organizations are at risk of being targeted by ransomware and have an urgent responsibility to protect against ransomware threats,” CISA explains.
The document is intended to help organizations build effective resilience, and:
- Provides steps to prepare for, mitigate against and respond to attacks
- Details how the dependencies between an entity’s systems can provide a path for attackers
- Explains how to reduce the risk of severe business degradation if affected by ransomware
The CISA fact sheet, titled “Rising Ransomware Threat to OT Assets,” echoes a similar cybersecurity advisory issued by the National Security Agency, “Stop Malicious Cyber Activity Against Connected Operational Technology.”
From IT to OT
Both CISA and the NSA make a distinction between “information technology” (IT) and “operational technology” (OT).
Information technology involves the management and movement of data.
Operational technology is hardware and software that monitors or controls physical processes, often involving industrial control systems (ICS) in manufacturing, energy generation, transportation, aviation and maritime activities. It can include a wide variety of devices, from simple sensors to complex robotics, and it often runs autonomously and independently.
At some point, however, these devices are usually connected to a computer.
“OT components are often connected to information technology (IT) networks, providing a path for cyber actors to pivot from IT to OT networks,” CISA notes. “As demonstrated by recent cyber incidents, intrusions affecting IT networks can also affect critical operational processes even if the intrusion does not directly impact an OT network.”
CISA recommendations for OT
In its fact sheet, CISA outlines a variety of best practices to ensure OT is secure and can operate uninterrupted.
“Implement robust network segmentation between IT and OT networks, and develop and regularly test workarounds or manual controls to ensure that critical processes can be isolated and continue operating without access to IT networks,” the agency says.
CISA also stresses the importance of backup systems and asset inventories, as well as contingency plans and workarounds that are regularly tested to ensure they will work when needed.
Ultimately, the agency advocates “good cyber hygiene,” noting that a “significant majority of ransomware attacks exploit known vulnerabilities and common security weaknesses.”
And on that front, CISA offers several cyber hygiene services at no cost to critical infrastructure operators, including vulnerability scanning, penetration testing, and a phishing email campaign assessment.
Tools you can use
Not every organization can launch a multi-agency task force. Fortunately, businesses of all sizes can take meaningful steps toward keeping their systems secure.
Paubox Email Suite works with Microsoft 365, Microsoft Exchange, and Google Workspace to send HIPAA compliant email by default. It works for any email recipient, without requiring a separate password or a special portal to access messages. And by upgrading to Paubox Email Suite Plus, you and your customers are protected from ransomware, viruses, and other malware too.
In addition, Paubox Email Suite Plus can prevent hackers from tricking employees into opening malicious emails that appear to come from the boss. Our patented ExecProtect feature prevents display name spoofing attacks and the product offers a Zero Trust Email framework that doesn’t assume any sender is safe.