ConsoleWorks Staunch Defense to Secure OT Assets
An Alert (AA20-205A) issued by the National Security Agency (NSA) and Cybersecurity and Infrastructure Security (CISA) advises the DoD, NSS, DIB, and U.S. to take immediate action to secure vulnerable, internet-accessible OT assets and Industrial Control Systems.
Click to View PDF of Complete Alert Report
The ConsoleWorks Cybersecurity/Operations Platform provides a staunch defense to secure your critical OT infrastructure. Download the document below to see how ConsoleWorks maps to each of the areas outlined in the NSA/CISA Alert.
ConsoleWorks approach to each of these areas:
- Threat Tactics
- Resilience Plan for OT
- Harden Your Network
- Create as Accurate ‘as-operated’ OT Network Map – Immediately
- Create an Asset Inventory
- Identify all Communication Protocols Used Across the OT Networks
- Understand & Evaluate Cyber Risk on ‘as-operated’ OT Assets
- Implement a Continuous & Vigilant System Monitoring Program
Download – ConsoleWorks Staunch Defense to Secure OT Assets
ConsoleWorks Screenshots
NSA/CISA Alert (AA20-205A) – July 23rd 2020
Summary of recent Alert: Cyber actors have demonstrated their continued willingness to conduct malicious cyber activity against critical infrastructure by exploiting internet-accessible OT assets. Due to the increase in adversary capabilities and activity, the criticality to U.S. national security and way of life, and the vulnerability of OT systems, civilian infrastructure makes attractive targets for foreign powers attempting to do harm to U.S. interests or retaliate for perceived U.S. aggression. OT assets are critical to the Department of Defense mission and underpin essential National Security Systems and services, as well as the Defense Industrial Base and other critical infrastructure.
At this time of heightened tensions, it is critical that asset owners and operators of critical infrastructure take the following immediate steps to ensure the resilience and safety of U.S. systems should a time of crisis emerge. The National Security Agency along with the Cybersecurity and Infrastructure Security Agency recommend that all DoD, NSS, DIB, and U.S. critical infrastructure facilities take immediate actions to secure their OT assets.
Internet-accessible OT assets are becoming more prevalent across the 16 U.S. critical infrastructure sectors as companies increase remote operations and monitoring, accommodate a decentralized workforce, and expand outsourcing of key skill areas such as instrumentation and control, OT asset management/maintenance, and in some cases, process operations and maintenance.
Legacy OT assets that were not designed to defend against malicious cyber activities, combined with readily available information that identifies OT assets connected via the internet (e.g., Shodan, Kamerka), are creating a “perfect storm”:
- Easy access to unsecured assets
- Use of common, open-source information about devices
- An extensive list of exploits deployable via common exploit frameworks (e.g., Metasploit, Core Impact, and Immunity Canvas).
Observed cyber threat activities can be mapped to the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) for Industrial Controls Systems framework. It is important to note that while the behavior may not be technically advanced, it is still a serious threat because the potential impact to critical assets is so high.
- Spearphishing [T1192] to obtain initial access to the organization’s information technology (IT) network before pivoting to the OT network
- Deployment of commodity ransomware to Encrypt Data for Impact [T1486] on both networks
- Connecting to Internet Accessible PLCs [T883] requiring no authentication for initial access
- Utilizing Commonly Used Ports [T885] and Standard Application Layer Protocols [T869] to communicate with controllers and download modified control logic
- Use of vendor engineering software and Program Downloads [T843]
- Modifying Control Logic [T833] and Parameters [T836] on PLCs
Click to View PDF of Complete Alert Report
