Thursday, September 22, 2022

Review - CISA-NSA Publish OT Security Alert – 9-22-22

Today CISA and the NSA jointly released a Cybersecurity Advisory on Control System Defense. The document [labeled Alert (AA22-265A)] provides an overview (with footnotes) of how adversaries plan and carry out cyberattacks on industrial control systems and then outlines steps that owner/operators can take to prevent, or at least mitigate, such attacks.

Commentary

There is a great deal of valuable information in this document, but it is mostly derivative. That is adequately documented in the 16 footnotes. Given the scope of the topics being covered, the 12-page document is only able to hit the high points of the discussion. This is fine if an organization has an in-house process control engineering team; they will be able to digest the provided information and apply it to their unique control system needs.

This document will be less helpful to smaller organizations that have had to rely on contract integrators for the installation and maintenance of their control systems. Unless those earlier contracts included cybersecurity support, many of these smaller system owners are going to find it difficult to find the necessary support to add the discussed mitigation measures to existing systems. And the add-ons are likely to be expensive if qualified personnel can be found.

What is seriously missing from this discussion is what to do when the attack occurs. Smaller organizations may have an advantage if they can continue limited operations in the manual mode. This would allow them to continue operations while they work through the process of restoring operations from backups. Interestingly, this is another topic that is strangely missing from the discussion in the CISA/NSA alert. This is a primary response tool for ransomware attacks, arguably the most common cyberattack seen by most organizations.

For a more detailed look at the CISA-NSA alert, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/cisa-nsa-publish-ot-security-alert - subscription required.

