The National Security Agency and the Cybersecurity and Infrastructure Security Agency have released an advisory outlining the steps cyberthreat actors use to plan and carry out compromises against operational technology and industrial control system assets.
NSA said Thursday the cybersecurity advisory builds on guidance previously issued by the two agencies to mitigate OT exposure and stop malicious actors from targeting ICS.
“Owners and operators of these systems need to fully understand the threats coming from state-sponsored actors and cybercriminals to best defend against them,” said Michael Dransfield, control systems defense expert at NSA.
According to the advisory, malicious actors follow these steps to compromise ICS and OT assets: establishing the intended effect and selecting a target; collecting intelligence about the target system; developing techniques and tools to navigate and manipulate the system; gaining initial access to the system; and executing techniques and tools to create the intended effect.
“We’re exposing the malicious actors’ playbook so that we can harden our systems and prevent their next attempt,” added Dransfield.
The document also offers recommendations to help OT and ICS owners and operators defend their systems against such threat actors.
These include limiting exposure of system information, identifying and securing remote access points, restricting tools and scripts, and conducting regular security audits.