According to recent reporting in the New York Times, the United States has been penetrating Russian power and industrial systems, both in retaliation for ongoing attacks against US interests and as a deterrent against future cyberattacks. There have been multiple articles about attacks on critical infrastructure and attempts to penetrate systems in this space. In the US, no breach has been reported to have caused a widespread outage, but the level of concern is increasing.
- ICS/SCADA devices, while internet-connected, often cannot be hardened against attack the way ordinary hosts can. Operator workstations may use conventional operating systems, but the ICS/SCADA systems themselves run on proprietary platforms where traditional protective tools are not available.
- For any nation-state actor to control an ICS/SCADA system, they need to be able to remotely contact the device or have the device contact them. The best solution is strict whitelisting, so that each device can communicate only with the specific machines it needs to, but this is often not feasible.
- Protecting these devices therefore requires strong network-layer defenses: controlling DNS resolution for them and blocking them from communicating with known-hostile infrastructure. Sharing groups such as MS-ISAC, DHS AIS, and more energy-focused groups already distribute these indicators; what is missing is automatically applying them to your systems as threats are discovered, so that the window of vulnerability is as short as possible.
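The two-tier policy the bullets above describe, as an added example (not ThreatSTOP's code or any vendor's): every ICS device gets a per-device allowlist of the hosts and networks it legitimately needs, a blocklist is parsed from an indicator feed in the shape a sharing group might distribute, and DNS queries and outbound connection attempts from the devices are evaluated against both. Hostile indicators always block; in strict mode anything outside the allowlist is also blocked (default deny), and in non-strict mode it is allowed but flagged for review, which is the compromise most plants end up with when a full whitelist is not feasible. All device addresses, hostnames, feed lines and log lines below are constructed, and the feed format is hypothetical.

```python
from ipaddress import ip_address, ip_network

# Constructed sample allowlist: for each ICS device (keyed by source IP), the
# hostnames and networks it legitimately needs to reach. Names are hypothetical.
ALLOWLIST = {
    "10.20.0.15": {
        "hosts": {"historian.plant.example", "ntp.plant.example"},
        "nets": [ip_network("10.20.0.0/24")],
    },
}

# Constructed sample indicator feed in a hypothetical "type,value" shape.
# Values use documentation ranges and .test names; they are not real IoCs.
FEED_TEXT = """\
# type,value
domain,update-check.bad.test
ip,203.0.113.0/24
ip,198.51.100.7
"""

# Constructed sample events: timestamp, device IP, kind (dns|conn), target.
EVENTS = [
    "2019-06-17T10:00:01Z 10.20.0.15 dns historian.plant.example",
    "2019-06-17T10:00:02Z 10.20.0.15 dns update-check.bad.test",
    "2019-06-17T10:00:03Z 10.20.0.15 conn 198.51.100.7:443",
    "2019-06-17T10:00:04Z 10.20.0.15 conn 10.20.0.40:502",
    "2019-06-17T10:00:05Z 10.20.0.15 conn 192.0.2.9:80",
]


def parse_feed(text):
    """Parse feed lines into a lookup structure. Re-run this every time the
    feed is fetched so newly published indicators take effect immediately."""
    domains, nets = set(), []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        kind, value = line.split(",", 1)
        if kind == "domain":
            domains.add(value.strip().lower().rstrip("."))
        elif kind == "ip":
            nets.append(ip_network(value.strip(), strict=False))
    return {"domains": domains, "nets": nets}


def hostile_domain(indicators, host):
    """True if host equals or is a subdomain of a listed hostile domain."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in indicators["domains"])


def hostile_ip(indicators, addr):
    """True if addr falls inside any listed hostile network or host address."""
    ip = ip_address(addr)
    return any(ip in n for n in indicators["nets"])


def evaluate(event, allowlist, indicators, strict=False):
    """Return (verdict, reason) for one event. IPv4 targets only."""
    _ts, device, kind, target = event.split()
    entry = allowlist.get(device, {"hosts": set(), "nets": []})
    if kind == "dns":
        name = target.lower().rstrip(".")
        if hostile_domain(indicators, name):
            return "block", "hostile domain indicator"
        allowed = name in entry["hosts"]
    else:
        addr = target.rsplit(":", 1)[0]  # strip the port
        if hostile_ip(indicators, addr):
            return "block", "hostile ip indicator"
        allowed = any(ip_address(addr) in n for n in entry["nets"])
    if allowed:
        return "allow", "on device allowlist"
    if strict:
        return "block", "not on device allowlist"
    return "alert", "outside allowlist (non-strict mode)"


def run(events, allowlist, indicators, strict=False):
    """Evaluate every event; returns a list of (event, verdict, reason)."""
    return [(e, *evaluate(e, allowlist, indicators, strict)) for e in events]


if __name__ == "__main__":
    ind = parse_feed(FEED_TEXT)
    for e, verdict, reason in run(EVENTS, ALLOWLIST, ind, strict=False):
        print(f"{verdict:5} {reason:38} {e}")
```

In a real deployment the verdicts would be applied by the DNS resolver and the firewall in front of the ICS segment rather than by a script, but the ordering matters either way: the hostile-indicator check runs before the allowlist check, so a compromised or over-broad allowlist entry cannot let a known-bad destination through.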
How can you solve this issue? ThreatSTOP takes automated intelligence from government and sharing communities to protect critical infrastructure against nation-state attacks, and uses its advanced threat intelligence processing to protect your enterprise automatically.