The National Security Agency (NSA) and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) on Thursday warned that foreign hackers are attempting to target U.S. critical infrastructure.
The agencies specifically warned that internet-connected operational technology (OT) assets, used throughout U.S. defense systems, were often the targets of malicious cyber actors attempting to hit critical infrastructure, such as systems providing water, gas and electricity.
As a result, the agencies recommended that critical infrastructure operators and owners take “immediate action” to secure their systems.
“Due to the increase in adversary capabilities and activity, the criticality to U.S. national security and way of life, and the vulnerability of OT systems, civilian infrastructure makes attractive targets for foreign powers attempting to do harm to US interests or retaliate for perceived US aggression,” the agencies wrote in a joint alert.
The security agencies noted that OT assets are used in Department of Defense systems and throughout the defense industrial base sector, including in national security systems.
The NSA and CISA wrote that they had seen evidence of email spear-phishing attacks aimed at gaining access to critical infrastructure networks in order to reach OT assets, along with attempted ransomware attacks on these critical systems. Ransomware, which has become an increasing headache over the past year for state and local governments, involves an attacker encrypting a network and demanding payment to allow the user access again.
CISA previously issued an alert in February following a ransomware attack on an unnamed “natural gas compression facility” that temporarily shut down operations and disrupted other critical systems operators that interacted with the facility.
“It is important to note that while the behavior may not be technically advanced, it is still a serious threat because the potential impact to critical assets is so high,” the agencies wrote.
Anne Neuberger, the director of the NSA’s Cybersecurity Directorate, said in a statement that “operational technology assets are pervasive and underpin many essential national security functions,” strongly encouraging critical infrastructure owners and operators to take steps to secure their systems against attempted cyberattacks.
One recent attack cited by the agencies was a thwarted attack on water systems in Israel, as reported by CyberScoop in May. The attack targeted the industrial computers at the water facility, with Yigal Unna, the head of Israel’s National Cyber Directorate, describing it as a “synchronized and organized attack,” according to CyberScoop.
The NSA and CISA also pointed to increased use of OT assets across sectors and critical organizations because of a spike in remote work and a “decentralized workforce.”
The agencies recommended that critical infrastructure organizations take steps to protect their OT assets from attack, such as creating a resilience plan to protect and restore systems in the case of a debilitating cyberattack and implementing a system monitoring program.
“As we’ve said many times, our adversaries are capable, imaginative and aim to disrupt essential services, so it is important that we make sure we are staying ahead of them,” Bryan Ware, assistant director for Cybersecurity at CISA, said in a statement. “Our goal at CISA is to lead and encourage a proactive ‘whole community’ assessment and response to significant threats and ensure we provide the right tools and services at the right time.”