Expert slams US Govt agencies over mitigation advice for ICS

Steps to mitigate attacks against industrial control systems, outlined by three US Government entities — the Cybersecurity and Infrastructure Security Agency, the FBI and the Department of Energy — have come in for some sharp criticism from Robert M. Lee, the chief executive of Dragos, a company that specialises in security for such systems.

The three US agencies issued their advice along with details from the indictments of four Russian Government officials, who are alleged to have been involved in intrusions in energy systems around the globe, including attacking systems in the Middle East using malware known as Triton.

Lee, an ex-NSA hacker, welcomed the fact that the three agencies were providing additional information about the Russian operators. “Lots of great info but please don’t follow their mitigation advice for ICS. It’s not practical and, in some cases, dangerous,” he said in a thread on Twitter.

To illustrate his point, Lee cited the three agencies' advice, listed under ICS best practices, that all software should be updated. “This will literally bring down most environments, may void certain OEM warranties, and will absolutely rightfully piss off all your operations staff,” he pointed out. “It also is irrelevant to the attacks that were highlighted.”

Again, there was advice to harden field devices such as smartphones and tablets. To this, Lee said: “I’m not sure how those are field devices in an ICS context but please don’t have smart phones and tablets in your ICS.”

He also noted that there was a recommendation to configure encryption for ICS protocols. “This would cause operational outages and issues in most cases and, in most cases, isn’t even possible anyway. Also, [it is] not at all related to any of the attack scenarios discussed and reduces zero risk,” was his comment.

“…It says don’t let vendors connect their devices to the ICS. It sounds good, but ignores the reality of industrial operations, maintenance, etc. completely infeasible,” Lee added.

“…it says to not allow transient devices. Similar to the above, this just isn’t practical in reality with OEMs/maintenance personnel/integrators/etc.”

Another bit of advice doled out by the three agencies was to replace all out-of-date hardware and software.

Lee said this was nearly impossible and “would be an overly burdensome financial lift for a company that would not have reduced any of the risk in the highlighted attacks”.

