CISA Responds to Increase in Ransomware Targeting Control Systems and OT Assets

June 24, 2021 by Alessandro Mascellino

The US Cybersecurity and Infrastructure Security Agency (CISA) published a new document responding to the increase in ransomware attacks targeting OT assets and control systems.

The fact sheet discusses the prevention, mitigation, and response to attacks. It provides information about how the dependencies between an entity’s IT and OT systems can provide a path for attackers. The report comes days after the National Institute of Standards and Technology (NIST) published a Tips and Tactics Security Guide for control system operators.


Increasing Ransomware Attacks

In the last two years, there has been a substantial increase in ransomware attacks targeting operational technology (OT) assets, with victims including Colonial Pipeline, meat packing facilities, and others.

For instance, in February last year, a ransomware infection shut down a US natural gas pipeline for two days. The trend continued throughout 2020, to such an extent that in October, CISA issued new ransomware presentation guidelines.




Despite this, ransomware attempts continued to disrupt industrial manufacturers in the US. The Biden Administration unveiled new plans in April to protect critical control systems from cyberattacks. For context, ransomware attacks can result from phishing attempts but can also be caused by vulnerabilities in IT and OT systems, which malicious actors can potentially exploit.

These vulnerabilities are relatively frequent in unpatched IT and OT. For instance, just last month, Microsoft found more than 50 critical memory allocation vulnerabilities in several IoT and OT tools.


Preparation, Mitigation, and Response

The new "Rising Ransomware Threat to Operational Technology Assets" fact sheet is divided into three sections covering how to prepare for, mitigate, and respond to cyber attacks.

The first section recommends companies determine their critical operational processes’ reliance on key IT infrastructure. From there, they should devise a resilience plan addressing how to operate if they lose access to or control of the IT and OT environment. 

This section also advises companies to exercise their response plan and implement regular data backup procedures on both IT and OT networks. 

The Mitigation section of the fact sheet focuses on good cyber hygiene practices. Additionally, it advises implementing a robust network segmentation between IT and OT networks and a continuous and vigilant system monitoring program. 


The Ransomware Guide is the result of the collaboration between CISA and MS-ISAC.


Finally, the Response section of the document guides companies through the first steps to take should they become a victim of ransomware. Readers are then redirected to CISA’s main Ransomware Guide for more details and a full ransomware response checklist. 


The NIST Control System Security Guide

In addition to these guidelines by CISA, the NIST just published a Tips and Tactics security guide for control system operators. The one-page document offers a comprehensive list of actions for companies to follow to protect their control systems.

These include having a dedicated team in charge of control system cybersecurity efforts and a thorough analysis of which types of computer and control system assets companies own and which are the most vulnerable. Additional recommendations include establishing cybersecurity relationships with communities and vendors, changing default passwords, and protecting assets from tampering.

The Tips and Tactics also provides an overview of how to manage control systems’ cybersecurity risks. This section briefly covers several topics, including training and awareness, managing user credentials and access, and restricting access to the control system network.

It also mentions cybersecurity vulnerabilities management, application control implementation, and incident recovery, together with implementing and performing continuous monitoring of critical systems.

Are your OT systems at risk? If so, you may want to check out these resources.