(TLP:CLEAR) CISA Fact Sheet: Primary Mitigations to Reduce Cyber Threats to Operational Technology

TLP:CLEAR
Created: Thursday, May 8, 2025 - 15:23
Categories:
Cybersecurity, Intelligence, Security Preparedness

Summary: This week, CISA, the FBI, EPA, and the Department of Energy (DOE) published a fact sheet urging critical infrastructure entities with operational technology (OT) and industrial control systems (ICS) to implement five primary mitigations that will strengthen their cybersecurity. The authoring organizations urge critical infrastructure entities to review this fact sheet and act now to improve their cybersecurity posture against active cyber threat activities specifically and intentionally targeting internet-connected OT and ICS.

Analyst Note: This fact sheet contains mitigations for water utilities to take in order to secure their OT and ICS systems from malicious cyber threat actors, as well as additional resources to help implement or strengthen these mitigations. The authoring agencies also encourage critical infrastructure entities to regularly communicate with their third-party managed service providers, system integrators, and system manufacturers who may be able to provide system-specific configuration guidance. 

In addition to this fact sheet, CISA and USG partners published an operational alert warning of unsophisticated cyber actor(s) targeting ICS/SCADA systems within U.S. critical infrastructure sectors (Oil and Natural Gas), specifically in Energy and Transportation Systems. These actors often use basic and elementary intrusion techniques because they target organizations with poor cyber hygiene and exposed public-facing devices.

The presence of poor cyber hygiene and exposed assets can escalate these threats, leading to significant consequences such as defacement, configuration changes, operational disruptions and, in severe cases, physical damage. Members are encouraged to review the fact sheet and apply the following mitigations:

  • Remove OT connections to the public internet
  • Change default passwords immediately and use strong, unique passwords 
  • Secure remote access to OT networks 
  • Segment IT and OT networks
  • Practice and maintain the ability to operate OT systems manually 

Original Source: https://www.cisa.gov/resources-tools/resources/primary-mitigations-reduce-cyber-threats-operational-technology

Related WaterISAC PIRs: 6, 6.1, 8