As ransomware attacks against operational technology (OT) assets and control systems rise, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) is urging OT operators to read up on the rising threats and protect critical infrastructure.
Ransomware operators are increasingly pivoting from IT networks to OT networks, threatening to shut down critical infrastructure systems like pipelines, transportation, water and more. We need only go back a few weeks, to the Colonial Pipeline ransomware incident, to understand how serious this can be.
“As demonstrated by recent cyber incidents, intrusions affecting IT networks can also affect critical operational processes even if the intrusion does not directly impact an OT network,” CISA’s fact sheet says.
CISA now says critical infrastructure operators have an “urgent responsibility” to protect against ransomware and is calling on them to adopt a “heightened state of awareness” and implement cybersecurity procedures and policies designed to mitigate those threats.
The agency’s recommendations largely follow what any organization should do to protect against ransomware, like practicing good cyber hygiene, regularly updating and patching systems, providing cybersecurity education and training, and backing up data to offline sources.
However, critical infrastructure organizations are also advised on how to keep OT assets safe from compromise. According to CISA, those organizations should:
- Determine how much your critical OT systems rely on key IT infrastructure.
- Plan for when you lose access to the IT and/or OT environment.
- Exercise your incident response plan and test manual controls if OT networks need to be taken offline.
- Implement regular data backup procedures for both OT and IT networks.
- Require multi-factor authentication for both OT and IT networks.
- Segment IT and OT networks.
The agency also points organizations toward no-cost tools and resources like cyber hygiene services and technical assistance in the event of a successful ransomware attack. Organizations are also urged to report any incidents to law enforcement, both to get assistance and access to possible decryptors and to help bring criminals to justice.