Know the enemy: safety tips for industrial control systems

ICS and OT in critical infrastructure, unprotected, can cause a great deal of damage. In the report "Control System Defense: Know the Opponent", the Cybersecurity & Infrastructure Agency (CISA) and the National Security Agency (NSA) describe how such attacks take place. It is made clear that traditional models for securing ICS/OT are often not sufficient. In most cases, securing security vulnerabilities is not possible because ICS and OT are often operated with outdated systems for which patches are no longer available.

The attackers often work with social engineering attacks to gain more insider information about compromisable systems. Especially the information about the infrastructure to the systems should never lurk unencrypted on a server. Remote connections should only be accessible through specific points or via VPN. In addition, unneeded scripts and tools should be removed from systems so as not to leave too large an attack vector open. Admins should also perform regular security audits.

CISA and NSA recommend that owners and operators read the recommended remediation measures and actions. The report is primarily intended to provide an understanding in the modus operandi of malicious cyber actors and provide insight into tactics, techniques and approaches. While the NSA security service has been in the headlines repeatedly in recent years, the security tips from the Document well worth reading.

Source: NSA, CISA (Heise), editors.