The National Security Agency warned defense contractors in a memo on Thursday to reexamine the security of the connections between their operational technology and information technology in light of recent alleged Russian hacking.

The alert, which references the sweeping SolarWinds espionage operation that U.S. officials have blamed on the Russian government, is meant to convince operational technology (OT) owners and operators in the defense industrial base to limit the scope and scale of any potential attack surface for U.S. adversaries to exploit, the NSA said in the alert.

“Each IT-OT connection increases the potential attack surface,” the NSA said. “To prevent dangerous results from OT exploitation, OT operators and IT system administrators should ensure only the most imperative IT-OT connections are allowed, and that these are hardened to the greatest extent possible.”

The alert comes weeks after the Biden administration formally attributed the recent espionage campaign to hackers working for Russia’s Foreign Intelligence Service (SVR). The hackers, also known as APT29 or Cozy Bear, planted malicious code in a software update from federal contractor SolarWinds last year, according to the U.S. intelligence community. As a result of that operation, the Russian hackers hit U.S. federal agencies and private sector entities, including some OT and U.S. critical infrastructure, according to the Department of Homeland Security’s cybersecurity agency, the Cybersecurity and Infrastructure Security Agency (CISA).

Hundreds of electric utilities installed the tainted SolarWinds software, according to the North American power grid regulator, the North American Electric Reliability Corp. (NERC). Some organizations used the bad software in their OT networks, raising concerns about vulnerability in U.S. critical infrastructure and OT environments.

“A significant shift in how operational technologies (OT) are viewed, evaluated, and secured within the U.S. is needed to prevent malicious cyber actors (MCA) from executing successful, and potentially damaging, cyber effects,” the NSA said in the memo.

In a recognition that OT operators need to step up their game, the NSA urged OT owners and operators Thursday to reevaluate whether certain OT-IT connections are necessary or mission-critical, and whether they can disconnect them to reduce the risk that adversaries exploit them. 

“While there are very real needs for connectivity and automating processes, operational technologies and control systems are inherently at risk when connected to enterprise IT systems,” the NSA said in the memo. “Seriously consider the risk, benefits, and cost before connecting (or continuing to connect) enterprise IT and OT networks.” 

The NSA Cybersecurity Director issued the alert as part of an ongoing effort to share more information with the public about specific threats from U.S. adversaries to better thwart their intelligence-gathering or more destructive campaigns.

For months now, federal investigators have been issuing other alerts and memos to warn information security practitioners how best to fend off the Russian hackers. Earlier this month, the NSA, along with the FBI and CISA, issued a memo detailing the APT29 hackers’ tradecraft in an effort to stymie the attackers.

The post NSA warns defense contractors to double check connections in light of Russian hacking appeared first on CyberScoop.

By admin