Industrial control systems (ICS) and other operational technology (OT) systems can be a tempting target for state-sponsored threat actors, profit-driven cybercriminals and hacktivists. These devices are often left unprotected and hacking them could have serious consequences, including physical damage and loss of life.
The NSA and the DHS’s Cybersecurity and Infrastructure Security Agency (CISA) have been publishing resources to help potentially targeted organizations address the vulnerabilities that expose them to such attacks, and the two agencies have now released another advisory, one focusing on how threat actors plan and execute their attacks against critical infrastructure control systems.