With ransomware having direct and indirect impact on OT environments and industrial operations in recent weeks, there has been no shortage of guidance and resources being posted. To that end, CISA and NIST independently published two resources on June 9, 2021 to help critical infrastructure asset owners and operators bolster their preparedness against this national crisis. Both resources are good for utilities across the spectrum of cyber maturity – from less resourced utilities just beginning their cybersecurity program to more cybersecurity capable utilities looking to update/refresh policies and procedures.
Increasing its Ransomware Guidance and Resources, CISA published the Rising Ransomware Threat to OT Assets fact sheet to help critical infrastructure entities reduce vulnerabilities to ransomware. Members are encouraged to review the guidance to learn:
- steps to prepare for, mitigate against, and respond to attacks;
- how the dependencies between an entity’s IT and OT systems can provide a path for attackers; and
- how to reduce the risk of severe business degradation if affected by ransomware.
Likewise, NIST released a one-page infographic, Tips and Tactics for Control Systems Cybersecurity to help manage control system cybersecurity risks. The infographic includes quick steps to take now to protect control systems and additional steps to manage control system cyber risk. Smaller or less resourced utilities just starting their cybersecurity program may find the quick steps particularly useful on how to start the journey.