Technology Titans

Defending OT Operations Against Ongoing Pro-Russia Hacktivist Activity

In light of ongoing malicious cyber activities targeting operational technology (OT) devices in North America and Europe, a consortium of cybersecurity organizations, including the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI), has issued a comprehensive fact sheet outlining strategies to mitigate these threats.

The Threat Landscape: Pro-Russia hacktivists have been targeting critical infrastructure sectors such as Water and Wastewater Systems (WWS), Dams, Energy, and Food and Agriculture. Their route into industrial control systems (ICS) is not sophisticated: they reach human machine interfaces (HMIs) that are exposed to the public internet, often through outdated remote-access software such as VNC, and log in with factory-default or weak passwords on accounts that lack multifactor authentication. While the activity thus far has mostly produced nuisance-level effects, the same access could be used to cause physical damage in OT environments that are insecure or misconfigured.

Recent Incidents: In early 2024, unauthorized access to vulnerable ICS was observed at several U.S. water and wastewater facilities. Victims experienced limited physical disruption when an intruder remotely manipulated HMIs, pushing pumps and blower equipment beyond their normal operating parameters; in these cases the attackers maxed out set points, altered other settings, turned off alarm mechanisms, and changed administrative passwords to lock operators out, and a few sites saw minor tank overflows. Most affected organizations reverted to manual controls immediately and quickly restored normal operations.

Mitigation Strategies: To safeguard against these threats, the fact sheet recommends several mitigations aligned with cybersecurity best practices:

  1. Harden HMI Remote Access: Disconnect HMIs from the public-facing internet, and where remote access is genuinely required, place it behind a firewall or VPN with strong, unique passwords and multifactor authentication. Change every default or weak password immediately, keep remote-access software such as VNC patched, restrict inbound connections to an allowlist of authorized device IP addresses, and log remote logins to HMIs so that failed attempts and logins at unusual times stand out.

  2. Strengthen Security Posture: Integrate cybersecurity considerations into the design and operation of OT systems, practice and maintain the ability to run OT processes manually, keep backups of HMI engineering logic, configurations and firmware so recovery is fast, and regularly check the integrity of PLC ladder logic and other controller programming for unauthorized modifications.

  3. Limit Adversarial Use of Common Vulnerabilities: Use CISA's free vulnerability scanning and testing services, assess security posture with a regional Cybersecurity Advisor, and, on the supplier side, press OT device manufacturers to follow the fact sheet's secure-by-design recommendations, including eliminating default passwords and requiring multifactor authentication for privileged users.
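The logging and allowlisting recommendations in item 1 are easier to act on with a concrete review routine. The following Python script is an added example written for this page, not code from the fact sheet or from CISA; it assumes a hypothetical HMI remote-access log format (timestamp, host, subsystem, event, key=value fields) and a constructed set of sample lines modelled on the incidents described above. It flags successful logins from outside the operator's IP allowlist, successful logins outside the maintenance window, bursts of failed authentication, and setpoint changes issued from non-allowlisted sources.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines in an assumed VNC/HMI remote-access log format.
# These are not real logs from any vendor or incident.
SAMPLE_LOG = """\
2024-01-18 02:11:04 hmi-ww-01 vnc auth-failed user=admin src=203.0.113.45
2024-01-18 02:11:09 hmi-ww-01 vnc auth-failed user=admin src=203.0.113.45
2024-01-18 02:11:13 hmi-ww-01 vnc auth-failed user=admin src=203.0.113.45
2024-01-18 02:11:20 hmi-ww-01 vnc auth-ok user=admin src=203.0.113.45
2024-01-18 02:14:52 hmi-ww-01 hmi setpoint-changed tag=PUMP1_SPEED old=60 new=100 user=admin src=203.0.113.45
2024-01-18 09:30:00 hmi-ww-01 vnc auth-ok user=operator src=10.20.30.7
2024-01-18 09:31:12 hmi-ww-01 hmi setpoint-changed tag=PUMP1_SPEED old=100 new=60 user=operator src=10.20.30.7
"""

# Assumed site policy: only the operator LAN may reach the HMI remotely,
# maintenance logins happen between 07:00 and 18:59, and three failed
# logins within five minutes count as password guessing.
ALLOWED_SOURCES = [ipaddress.ip_network("10.20.30.0/24")]
MAINTENANCE_HOURS = range(7, 19)
FAILED_BURST_THRESHOLD = 3
FAILED_BURST_WINDOW = timedelta(minutes=5)

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?P<subsystem>\S+) (?P<event>\S+)(?P<rest>.*)$"
)


def parse_line(line):
    """Parse one log line into a dict; return None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = {
        "ts": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
        "host": m["host"],
        "subsystem": m["subsystem"],
        "event": m["event"],
    }
    for kv in m["rest"].split():
        key, _, value = kv.partition("=")
        rec[key] = value
    return rec


def is_allowed(src):
    """True if src is an IP address inside one of the allowlisted networks."""
    try:
        ip = ipaddress.ip_address(src)
    except ValueError:
        return False
    return any(ip in net for net in ALLOWED_SOURCES)


def review_hmi_log(text):
    """Return a list of (reason, record) findings for an HMI remote-access log."""
    findings = []
    failures = defaultdict(list)  # (host, src) -> recent auth-failed timestamps
    for raw in text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue
        src = rec.get("src", "")
        if rec["event"] == "auth-ok":
            if not is_allowed(src):
                findings.append(("successful remote login from non-allowlisted source", rec))
            if rec["ts"].hour not in MAINTENANCE_HOURS:
                findings.append(("successful login outside maintenance window", rec))
        elif rec["event"] == "auth-failed":
            key = (rec["host"], src)
            # Keep only failures inside the sliding window, then check the burst threshold.
            recent = [t for t in failures[key] if rec["ts"] - t <= FAILED_BURST_WINDOW]
            recent.append(rec["ts"])
            failures[key] = recent
            if len(recent) == FAILED_BURST_THRESHOLD:
                findings.append(("password-guessing burst", rec))
        elif rec["event"] == "setpoint-changed" and not is_allowed(src):
            findings.append(("setpoint change from non-allowlisted source", rec))
    return findings


if __name__ == "__main__":
    for reason, rec in review_hmi_log(SAMPLE_LOG):
        print(f"{rec['ts']} {rec['host']} {reason}: "
              f"user={rec.get('user')} src={rec.get('src')}")
```

On the constructed sample the script reports four findings, all tied to the 203.0.113.45 session: the third failed login trips the burst rule, the successful login at 02:11 is both non-allowlisted and outside the maintenance window, and the pump speed change from that session is flagged. The 09:30 operator session from the allowlisted LAN produces nothing. In practice the allowlist and maintenance window should come from the site's own change-control records, and the same findings should be forwarded to whoever can pull the HMI off the network and switch to manual control.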

Ultimately, while critical infrastructure organizations can implement these measures to mitigate risks, it’s crucial for OT device manufacturers to prioritize secure design and default settings, as outlined in the joint guide “Shifting the Balance of Cybersecurity Risk.”

By adhering to these recommendations and fostering collaboration between industry stakeholders, it’s possible to bolster defenses against ongoing cyber threats and ensure the resilience of critical infrastructure systems.