Operational technology (OT) and in particular Industrial Control Systems (ICS) have increasingly become a lucrative target for various threat actors. The recent news headlines highlighted how zero-day vulnerabilities in popular network security equipment discovered by the NSA have been released by a hacker group.
The initial revelations from the leaked files indicate the NSA developed tools which took advantage of vulnerabilities in the equipment of major vendors such as Cisco, Fortigate, Huawei, and Juniper to intercept traffic which passes through a network.
There are currently no known public reports that indicate if these exploits are already in the wild. Cisco and Juniper have since claimed the vulnerabilities are legitimate and have been patched. Juniper and Huawei meanwhile are still in process of investigating these vulnerabilities and there are no patches available as for now.
While some of us will disregard the impact of such 0 day exploits in relation to OT networks with assumption that control systems are air-gapped and therefore not exposed to Internet. The reality is that control systems are nowadays increasingly interconnected as there are various entry points to the OT networks. Additionally, the insider threat should be not ignored as key elements for cyber criminals, foreign agencies and spies. Therefore, organizations should act quickly and determine if their network equipment’s are vulnerable and could be exposed to these exploits.
Moreover the focus should be on selecting the necessary safeguards to mitigate the risk. That’s where Applied Risk Industrial Cyber Security Services comes into play to help mitigate the negative effects of such vulnerabilities and intrusion to your critical assets.
Besides patching the vulnerable systems, these are some of tactical and strategic recommendations that will help organization dealing with such sophisticated attacks:
- Review the accuracy of your asset inventory and network architecture
- Test and validate your network segmentation especially for mission critical systems
- Increase logging and proactive monitoring of network traffic
- Consider while listing and/or anomaly detection technologies
- Monitor threat intelligence feeds and ISACs reports for more info
- Review your incident response capabilities and team readiness
- Rethink your OT security strategy and consider multi-vendor policy beyond traditional vendors
Applied Risk can help you reduce your cyber security risk in the OT landscape based on our extensive experience in this space. Contact our subject matter experts to help you define proper course of action and enhance security of your OT infrastructure.