On Thursday, July 23rd, 2020, the NSA and CISA issued an urgent joint cybersecurity advisory (Alert AA20-205A) to all critical infrastructure and service operations that rely on OT systems to deliver core services. Together, the two US government entities with the greatest visibility into system attack surfaces and exploitation in the wild recommend that such operations act urgently to assess and manage the full set of security exposures that place these environments at risk.
Their recommendations for immediate action are based on the following factors that contribute to what they describe as a “perfect storm”.
The joint entities have issued a number of detailed recommendations to help OT operations:
Their specific recommendations are categorized as follows:
First and foremost, we help our customers identify every device in their OT environment and beyond, whether it communicates over a wired network, Wi-Fi, or other over-the-air protocols. This agentless, passive, and continuous discovery capability gives our customers a complete view of every device, whether OT, IT, or IoT.
Beyond make, model, hostname, and other attributes for every device in the environment, we also show how devices communicate with one another, at the level of detail that IT and OT teams each expect: data flow maps and raw communication details for IT, and Purdue model visualizations and overviews for OT.
Once all devices are identified, their behavior is baselined and compared against our Device Knowledgebase, which tracks over 280 million devices and their corresponding behaviors. From this we provide visibility into the known vulnerabilities and risks that expose each device, and the environment as a whole, to potential exploitation. Because the visibility is continuous and real-time yet passive, customers can also rapidly detect and respond to active attacks, either manually or automatically. This includes containing an attack by isolating compromised devices through integrations with network controls such as NAC or even the switches themselves.
This level of visibility across IT, IoT, and OT also ensures that response, resiliency, and network hardening plans can be established and executed effectively, with the greatest impact in the shortest time. Without the visibility that solutions like Armis provide, such plans will be only partially complete and may fall short of executive expectations around truly understanding and managing this risk.
Lastly, delivering on the advisory's call for a "Continuous and Vigilant System Monitoring Program" cannot be accomplished with traditional security solutions in an OT environment: endpoint agents cannot be installed on PLCs and other embedded controllers, and active scanning can disrupt fragile OT devices. Only modern security solutions built to continuously assess for, alert on, and enable a response to elevated risk, highly anomalous behavior, and active compromise, based on the context of how all forms of devices operate in the environment, will achieve this outcome.
Armis is here to help our customers achieve each of the recommendations outlined by the NSA and CISA, quickly.
We rarely see such broadly impacting advisories calling for immediate action to avoid catastrophic events, including the potential for loss of life. Beyond that, it is worth considering this situation from another perspective as well.
Imagine for a moment that 12 months from now, an industrial operation and its OT systems are systematically compromised, leading to extensive outages, potential loss of life at one or more locations, significant loss of current and future revenue, major brand damage and the corresponding campaigns to repair it, extensive response and recovery costs, and other related expenses, with the overall hit to revenue forecasts reaching at least eight figures.
When the enterprise then files a cyber insurance claim, it may face another challenge. If it failed to act on direct recommendations from the NSA and CISA to better understand and manage OT risk in its environment, how likely is the insurer to pay the claim? That likelihood should be expected to fall sharply with every month that passes before remediation plans are developed and work begins. Enterprises should therefore consider not only the immediate potential for costly operational impact, but also the inability to defer those expenses when operations are disrupted by a bad actor.