OT cyberattacks

NSA warns of increased threat of state-sponsored IT/OT cyberattacks

Print Friendly, PDF & Email

The NSA has recently warned of increased state-sponsored malicious cyber activity targeting critical infrastructure. The agency issued a Joint Cybersecurity Advisory (CSA) on April 20 2022, prepared in partnership with other security agencies, including the Federal Bureau of Investigation (FBI), Australian Cyber Security Centre (ACSC), Canadian Centre for Cyber Security (CCCS), National Cyber Security Centre New Zealand (NZ NCSC), and the United Kingdom’s National Cyber Security Centre (NCSC-UK) and National Crime Agency (NCA).

The CSA highlights the threat that state-sponsored cyberattacks pose to information technology (IT) and operational technology (OT) networks. The report stresses the need for extra vigilance and increased security measures to protect critical infrastructure, such as water treatment, waste management, and the energy sector. Attacks against such organizations can lead to dangerous and costly disruption to essential services, putting lives at risk and affecting national security. The specific threats alerted of in the Advisory include “destructive malware, ransomware, DDoS attacks, and cyber espionage,” which have the potential to take critical systems offline, and even cause physical damage.

Previous attacks on OT infrastructure — such as the Colonial Pipeline ransomware attack, which halted all of the pipeline’s operations temporarily, and a spear-phishing attack on a German steel mill, which caused substantial damage to its blast furnace — have shown the danger malicious code poses to daily life. It’s not just an IT issue. More recently, wind-energy company Deutsche Windtechnik was forced to shut down the operation of around 2,000 wind turbines when hit with a ransomware attack claimed by cybercriminal group Conti.

State-sponsored attacks of the type that the CSA refers to are particularly dangerous because hackers employed or supported by a state-actor are above the law, well-funded, and have access to the best human and technical resources available. They can target anyone and everyone. And while independent hacker groups may only be looking to cause more minor disruption, these types of attacks are looking to cause major shutdowns, information breaches, and — in the case of OT — physical damage. That damage can put the lives of workers in targeted facilities in danger as well as harming infrastructure.

Securing your OT and IT networks

The Advisory recommends a number of measures to best secure your OT and IT networks against potential state-sponsored cyberattacks. First and foremost is patching all known vulnerabilities as a matter of urgency, with emphasis on prioritizing the CISA’s list of known vulnerabilities. Other high-priority defense tactics include implementing multifactor authentication (MFA), securing remote access, and training end users to recognize phishing, spear-phishing, and other attempts at social engineering.

Of course, these are not the only things you can do to secure your networks. At Barracuda, we recommend several additional preventative actions to ensure a high level of network security. These include:

  • Ensuring that you have up-to-date backups: These must be regularly tested to ensure they contain all data necessary to restore your systems.
  • Protecting your web applications and APIs with firewalls: Doing so stops bad actors from getting into a network and from moving within the network.
  • Implementing Zero Trust Network Access (ZTNA): This ensures that remote access to your networks and systems is as secure as possible and nobody has access they don’t need.

Finally, I want to emphasize network segmentation. It’s a vital security measure to put in place to secure your OT. Segmenting your network enables you to contain threats, isolating them in the zone where they enter. This reduces the likelihood of a breach spreading laterally throughout the entire network. Our recent blog post, The Power of Network Segmentation for Operational Technology, talks through the why and how of network segmentation, as well as the benefits it offers for securing OT systems.

Cyberattacks are a constant threat to both OT and IT systems. This warning from the NSA is really a reminder that we must take the threat seriously all the time. Critical infrastructure may be a high-profile target where a breach poses greater risk, but the lessons of good security will benefit any organization. Don’t wait to take action — secure your OT and IT networks now, before it’s too late.

Scroll to top