Ransomware attacks are becoming more frequent. This is not just a subjective impression from media coverage; it is well documented with data. Small and medium-sized enterprises that have not taken all the necessary precautions are increasingly the target of such attacks.
While overall crime decreased significantly (-11.3%), cybercrime increased by 26.3% in 2020 alone, according to the Federal Ministry of the Interior. This immense increase was also favoured by the greater use of digital processes triggered by the pandemic. [1]
Study: Ransomware threat on the rise
According to survey data, every tenth company in Austria has already been the target of a ransomware attack. The study assumes a further increase and the rise of the entire threat class. Although the threat is widespread, precautions are still insufficient in many companies, infrastructure operations and other institutions.
Factsheet: Improve precautions against ransomware
In the USA, too, some particularly critical infrastructure systems were affected by ransomware attacks during 2021. For this reason, CISA (Cybersecurity & Infrastructure Security Agency) published a compact guide at the beginning of June that is intended to provide simple remedies. In just three pages, it summarises the most important points, with a particular focus on operational technology (OT) installations and control systems. The document recommends measures and resources that reduce the risk. Focusing on the most essential points should help companies build effective resilience to better protect local supplies and infrastructure. [2]
Measures: Prepare – Mitigate – Respond
The recommendations are structured simply and clearly according to the steps “Prepare – Mitigate – Respond”. One essential point is to record the process-related dependencies of the OT systems on IT structures in order to minimise possible failures due to disruptions in the IT landscape. The guide strongly recommends implementing data protection and backups reliably, so that attackers cannot delete or change them, and separating OT and IT systems reliably and robustly.
Transparency: making systems and vulnerabilities visible
In practice, a complete separation of IT and OT systems is often no longer possible. In that case, further measures are needed, such as network monitoring and segmentation with firewalls or even with data diodes. The basic prerequisite for all security measures and for a reliable risk assessment is full transparency over the entire IT/IoT/OT network.
Nozomi Guardian’s specialised technology analyses network traffic and makes devices and communication relationships visible. Through Threat Intelligence, the network is monitored for threats in real time, vulnerabilities are made visible and cyber threats are detected early. By integrating the technology seamlessly into a Security Operations Centre, you can bring together all security-relevant data from your IT and OT systems.
With up to 25 years of practical experience in securing critical infrastructures, IKARUS is happy to advise and support you during system integration and beyond with customised Industrial Managed Defense Services. As a Platinum Partner of industry leaders Nozomi Networks and FireEye, we offer the best international technologies with the benefits of a local contact, local data processing and active on-site support from our certified system engineers and security specialists – from PoVs (Proof of Values) to the ongoing operation of the solution in your OT.
Sources: