CISA and NSA Urge "Immediate Action" to Secure Critical Infrastructure Operations Technology and Control Systems
This is a critical time to re-focus on phishing prevention. By 2019, over 80% of businesses had at least turned on DMARC services to fight spoofed emails but only around 20% have moved to active prevent policies. Disruption for those that have turned active prevent on has been minimal, security gain enormous. Also, do a user education revisit - especially about all the new messaging/conferencing/collaboration channels that are in use with work from home operations. Finally, try to get at least IT admins moved to two factor authentication and plant the flag to fight for wider adoption after that.
I shuddered when I read "Internet accessible PLC". PLCs are not designed to be Internet accessible. Fundamentally separate OT from IT; further, separate experiment control systems from environmental health/safety systems. For example, keep the C&C machine separated from the oxygen safety monitor, neither of which should be directly accessible. Use a controlled interface, or air-gap. While remote access is desirable in the current work environment, controls must be maintained to prevent direct attack on these systems, including not providing some remote access. Additionally, have processes for verifying transfer of data and software to and from these systems to prevent introduction of malware.
In addition to the recommendation that we made earlier in the week that strong authentication should be considered essential for infrastructure controls connected to the public networks, and in addition to implementing DMARC, strong consideration should be given to isolating e-mail and browsing from operational networks.