Source: www.databreachtoday.com – Author: 1
Critical Infrastructure Security
,
Governance & Risk Management
,
Operational Technology (OT)
Advisory Says Disconnecting ICS Reduces Exposure to Malicious Cyber Activities
Prajeet Nair (@prajeetspeaks) •
May 22, 2024
Rockwell Automation warned customers to disconnect industrial control systems from the internet, citing escalating cyber threats and rising global geopolitical tensions.
See Also: From Ancient Myths to Modern Threats: Securing the Transition from Legacy to Leading Edge
The advisory calls for immediate action from users to assess and remove internet connectivity for devices not explicitly designed for online exposure. Devices should never be configured for direct public internet access unless they are specifically designed for it, such as certain cloud and edge offerings, it said.
Disconnecting these systems is a proactive measure to reduce the attack surface and exposure to unauthorized and malicious cyber activity from threat actors, the advisory said.
Earlier this month, a joint warning from U.S. and international cyber agencies warned that pro-Russian hacktivists are intensifying attacks on critical operational technology systems across North America and Europe, targeting sectors such as water, wastewater, dams, energy and agriculture.
The joint advisory said that the hacking groups are using unsophisticated techniques to target internet-exposed industrial control systems, causing disruptions and posing physical threats to vulnerable operational technology environments (see: US and Allies Issue Cyber Alert on Threats to OT Systems).
Pro-Russian hackers gain remote access through publicly exposed internet-facing connections and unpatched software. Hackers also exploit default and weak passwords for accounts not protected by multifactor authentication.
The joint alert urges organizations to implement multifactor authentication for all access to the OT network, disconnect programmable logic controllers and HMIs from public-facing internet, and immediately change default and weak passwords.
Recommendations also include integrating cybersecurity best practices into OT system design and development, as well as creating backups of engineering configurations and firmware for faster recoveries.
Jim Routh, chief trust officer at Saviynt, said it is relatively common to have industrial control devices configured with access controls outside of the IT and identity and access management teams.
“In this case, enterprise customers using the Rockwell ICS devices may have been connected to the internet with limited access controls that need hardening and management. Disconnecting these devices from the Internet is the safest alternative in addition to establishing more mature IoT security practices,” said Routh, also an Institute for Critical Infrastructure Technology fellow.
Original Post url: https://www.databreachtoday.com/rockwell-automation-urges-disconnection-ics-from-internet-a-25298
Category & Tags: –
Views: 0