CyberWire Daily - CISA Alert AA22-265A – Control system defense: know the opponent. [CISA Cybersecurity Alerts]

Episode Date: September 22, 2022

This alert builds on previous NSA and CISA guidance to stop malicious ICS activity and reduce OT exposure. The alert documentation linked in the show notes describes TTPs that malicious actors use to compromise OT/ICS assets. It also recommends mitigations that owners and operators can use to defend their systems from each of the listed TTPs. NSA and CISA encourage OT and ICS owners and operators to apply the recommendations in this documentation.

AA22-265A Alert, Technical Details, and Mitigations
NSA and CISA guidance to stop malicious ICS activity and reduce OT exposure

For NSA client requirements or general cybersecurity inquiries, contact Cybersecurity_Requests@nsa.gov.

To report incidents and anomalous activity or to request incident response resources or technical assistance related to these threats, contact CISA at report@cisa.gov, or call (888) 282-0870, or report incidents to your local FBI field office.

Transcript
Starting point is 00:00:00 You're listening to the CyberWire Network, powered by N2K. Original release date, September 22, 2022. This alert builds on previous NSA and CISA guidance to stop malicious ICS activity and reduce OT exposure. The alert documentation linked in the show notes describes TTPs that malicious actors use to compromise OT and ICS assets. It also recommends mitigations that owners and operators can use to defend their systems from each of the listed TTPs. NSA and CISA encourage OT and ICS owners and operators to apply the recommendations in this documentation. Traditional approaches to securing OT and ICS do not adequately address current threats. Operators who understand cyber actors' TTPs can use this knowledge to prioritize hardening and mitigation actions. Operational technology and industrial control system assets that operate,
Starting point is 00:01:11 control, and monitor day-to-day critical infrastructure and industrial processes continue to be an attractive target for malicious cyber actors. These cyber actors target OT and ICS assets to achieve political gains, economic advantages, or destructive effects. Because OT and ICS systems manage physical operational processes, cyber actors' operations could result in physical consequences, including loss of life, property damage, and disruption of national critical functions. Traditional ICS assets are difficult to secure due to their design for maximum availability and safety, coupled with their use of decades-old systems that often lack any recent security updates. Newer ICS assets may be able to be configured more securely, but often have an increased attack surface due to incorporating internet or IT network connectivity to facilitate remote control and operations.
Starting point is 00:02:00 The net effect of the convergence of IT and OT platforms has increased the risk of cyber exploitation of control systems. APT actors have also developed tools for scanning, compromising, and controlling targeted OT devices. For additional information regarding the TTPs that malicious cyber actors use to plan and execute compromises against critical infrastructure control systems, and for specific mitigation measures for each of these TTPs, visit the alert documentation linked in the show notes. Thank you. or report incidents to your local FBI field office. This report was written by CISA, the United States Cybersecurity and Infrastructure Security Agency, and edited and adapted for audio by the CyberWire as a public service. Please visit www.cisa.gov to read the full report, which may include additional details, links, and illustrations.
Starting point is 00:02:59 A link to this report can be found in the show notes. This has been a CISA Cybersecurity Alert.
