At the end of May, Reuters reported that Western intelligence agencies and Microsoft had evidence of a state-sponsored Chinese hacking group spying on a collection of U.S. critical infrastructure organizations. On top of that, investigators believe that the group was targeting the island of Guam, a U.S. territory and home to American military bases. In response, the NSA urged critical infrastructure operators to remain alert to any suspicious activity.
This case is just one of the latest examples demonstrating the importance of establishing thorough critical infrastructure cybersecurity practices, which means enhancing OT and ICS cybersecurity. As Info-Tech Research Group put it in a press release, “In the era of automation and industrial digitalization, the modernization of industrial control systems (ICS) is on the rise in the utilities industry. However, there is a lack of comprehensive understanding among information technology (IT) and operational technology (OT) leaders regarding the driving factors behind ICS modernization…”
Basically, we need to keep pace with OT and ICS modernization, and do so faster than malicious actors, in order to protect the essential companies, facilities, and networks that these systems support. So, what new initiatives have come from this pursuit?
CISA Builds Coalition Dedicated to Addressing Remote Access Software
In a recent post published to its website, the Cybersecurity & Infrastructure Security Agency (CISA) explained that “Remote access software provides organizations with a broad array of capabilities to maintain and improve information technology (IT), operational technology (OT), and industrial control system (ICS) services.” That quality also makes it appealing to cyber criminals. To help entities ward them off, CISA announced that it partnered with the FBI, NSA, Multi-State Information Sharing and Analysis Center, and the Israel National Cyber Directorate to produce the Guide to Securing Remote Access Software. The guide outlines cybersecurity requirements, the type of threats such systems face, best defense practices, and more.
NNSA and the State of Nuclear Cybersecurity
Elsewhere in government land, the U.S. Government Accountability Office (GAO) is reviewing the National Nuclear Security Administration (NNSA)’s approach to cybersecurity. It concludes that NNSA’s strategy for identifying, tracking, and reducing cyber risk is still in “early stages of development.” It’s important that NNSA pick up the pace in its efforts because contractors are transitioning more and more to digitized manufacturing and industrial control processes.
To make matters more complicated, “NNSA has estimated that there could be hundreds of thousands of OT systems at sites across the nuclear security enterprise,” as explained by GAO.
However, NNSA insists that it is furthering tactics to catalog these systems and is in the midst of assembling an OT-specific guidebook.
Sources:
- “Chinese hackers spying on US critical infrastructure, Western intelligence says” – Zeba Siddiqui and Christopher Bing, Reuters
https://www.reuters.com/technology/microsoft-says-china-backed-hacker-targeted-critical-us-infrastructure-2023-05-24/
- “Industrial Control Systems Modernization Is on the Rise as Utilities Sector Adopts Digitalization, Explains Info-Tech Research Group” – Info-Tech Research Group, Yahoo Finance
https://finance.yahoo.com/news/industrial-control-systems-modernization-rise-173000065.html
- “Nuclear Weapons Cybersecurity: Status of NNSA’s Inventory and Risk Assessment Efforts for Certain Systems” – GAO
https://www.gao.gov/products/gao-23-106309
- “CISA and Partners Release Joint Guide to Securing Remote Access Software” – Cybersecurity & Infrastructure Security Agency