"Over recent months, cyber actors have demonstrated their continued willingness to conduct malicious cyber activity against critical infrastructure (CI) by exploiting internet-accessible operational technology (OT) assets.[
1]
Due to the increase in adversary capabilities and activity, the criticality to U.S. national security and way of life, and the vulnerability of OT systems, civilian infrastructure makes attractive targets for foreign powers attempting to do harm to U.S. interests or retaliate for perceived U.S. aggression. OT assets are critical to the Department of Defense (DoD) mission and underpin essential National Security Systems (NSS) and services, as well as the Defense Industrial Base (DIB) and other critical infrastructure. At this time of heightened tensions, it is critical that asset owners and operators of critical infrastructure take the following immediate steps to ensure resilience and safety of U.S. systems should a time of crisis emerge in the near term. The National Security Agency (NSA) along with the Cybersecurity and Infrastructure Security Agency (CISA) recommend that all DoD, NSS, DIB, and U.S. critical infrastructure facilities take immediate actions to secure their OT assets."
Translation: If your business uses internet-accessible operational technology and control systems, you need to tighten up your security protocols quickly. This includes the Dept. of Defense, National Security Systems, the Defense Industrial Base, and the remaining 15 critical infrastructure sectors:
- Chemical Sector
- Commercial Facilities Sector
- Communications Sector
- Critical Manufacturing Sector
- Dams Sector
- Emergency Services Sector
- Energy Sector
- Financial Services Sector
- Food and Agriculture Sector
- Government Facilities Sector
- Healthcare and Public Health Sector
- Information Technology Sector
- Nuclear Reactors, Materials, and Waste Sector
- Transportation Systems Sector
- Water and Wastewater Systems Sector
Read the full bulletin here:https://us-cert.cisa.gov/ncas/alerts/aa20-205a
