image credit: freepik
The NSA’s advisory, titled “Stop Malicious Cyber Activity Against Connected Operational Technology,” is specifically addressed to the Department of Defense, national security system (NSS) and defense industrial base organizations, but the recommendations can be useful to any industrial company.
The advisory shares recommendations for evaluating risks and improving the securing of connections between IT systems — these can often serve as an entry point into industrial networks — and OT systems.
“Each IT-OT connection increases the potential attack surface,” the NSA said. “To prevent dangerous results from OT exploitation, OT operators and IT system administrators should ensure only the most imperative IT-OT connections are allowed, and that these are hardened to the greatest extent possible.”
