Here are a few stories that turned our heads in Operational Technology (OT)/Industrial Control Systems (ICS) security over the past week:
Fox News: Claroty VP of Threat Intelligence, Dave Weinstein, discusses parallel threats including Russian election interference and critical infrastructure probing with Mike Emanuel, Fox News Chief Congressional Correspondent. Watch the five-minute segment.
The US Department of Homeland Security has established a new National Risk Management Center to facilitate cross-sector information sharing and collaborative responses to cyber threats against critical infrastructure.
At a cybersecurity summit in New York City on Tuesday, DHS Secretary Kirstjen Nielsen described the center as the foundation of a new collective defense strategy led by the US government to respond more forcefully to threats against US interests in cyberspace. The center will bring together security experts from government — including those from intelligence and law enforcement agencies — and security experts from the private sector.
Our Take: Time will tell whether establishing another DHS entity is the right approach. For an organization that has suffered structural challenges in the past, many are skeptical, but we’re optimistic for success. The key variable will be how well the newly established NRMC and the National Cybersecurity and Communications Integration Center (NCCIC) coordinate their respective missions.
Otherwise, perhaps more powerful than any announcements from the Summit was the subtle image of the 4-star-clad head of NSA and Cyber Command gleefully sharing the stage with the Secretary of Homeland Security, an unprecedented sight given the historical rivalries between two agencies with inherently conflicting equities. The message was clear: we’re all in this together.
Security analysts have discovered a new hacking group that has been successful in breaching the networks of electric utilities in the United States.
The hacking group, while not particularly sophisticated, has been effective. The group successfully breached networks of the companies' business sides by using common tools and tactics like phishing emails and so-called watering hole attacks — a strategy in which a hacker infects a legitimate website that its target frequently visits.
Analysts also say the hackers are likely aiming to collect intelligence on industrial systems so they can develop capabilities to disrupt them in the future — a capability they have not yet demonstrated.
Our Take: We’ll have more to say about this next week, so stay tuned for a forthcoming article on what is playing out in the energy industry and other critical infrastructure verticals. In the meantime, this development is a disturbing reminder that our public utilities and other lifeline sectors are high-value targets for state-sponsored threat actors. It also demonstrates the degree to which geopolitics will increasingly dictate the difference between an intelligence operation and a disruptive or even destructive attack.