2021-04-29
NSA Guidance on Improving Operational Technology Cybersecurity
The US National Security Agency (NSA) has released a cybersecurity advisory urging owners and operators of operational technology (OT) to take steps to improve security. The advisory notes, “As OT components continue being connected to information technology (IT), IT exploitation increasingly can serve as a pivot to OT destructive effects.” NSA recommends that administrators carefully consider the need for each IT-OT connection and then harden those connections.
Editor's Note
The NSA advisory below is only four pages and focuses on evaluating the risks around connectivity from IT to OT as well as guidance for improving the security of your OT systems. Understand, monitor, and document your OT access to those components, and have gold images and configurations to enable restoration if needed. Segmentation and otherwise only allowing authorized access to OT is an achievable goal. Use the guidance to verify protections are in place as well as to provide a plan to improve your cyber hygiene, then track that plan, updating as needed. Remember to adjust your lifecycle expectation from years to decades when evaluating OT.

Lee Neely
This short advisory is really just an update and summation of previous guidance from DoD, FBI, Canadian authorities and industry/academia experts that came out of analysis of the 2015 Ukrainian power grid attack. The first paragraph of the executive summary is good material for a push out to CXOs and boards of directors.

John Pescatore
Read more in
Defense: Stop Malicious Cyber Activity Against Connected Operational Technology (PDF)
Gov Infosecurity: NSA Offers OT Security Guidance in Wake of SolarWinds Attack
Nextgov: NSA to Defense Sector: Think Twice Before Connecting Operational Technology to the Internet
Cyberscoop: NSA warns defense contractors to double check connections in light of Russian hacking