Threat Intelligence: NSA & CISA Recommendations for Reducing OT and CS Threat Exposure

New Alert Issued: AA20-205A
Cynerio
News
Jul 27, 2020

Alert Information

CISA and the NSA issued an alert (AA20-205A) on July 26, 2020 regarding the increased threat of cyber attacks on critical infrastructure through vulnerabilities in connected Operational Technology (OT) and Control Systems (CS).

Systems & Assets Affected in Healthcare Environments

Critical OT like HVAC cooling systems for pharmaceutical products, pneumatic tube systems, elevators, and fire control systems are at risk. In addition, IoMT devices including infusion pumps, MRI and CT machines, heart monitors, and others are at equal risk.

How Are Organizations Being Targeted?

Threat actors can exploit OT and CS through:

  • Spearphishing
  • Deployment of commodity ransomware
  • Connecting to Internet-Accessible PLCs and modifying control logic and parameters
  • Downloading modified control logic and hacking controllers via ports and standard application layer protocols
  • Exploiting vendor software to get unauthorized access

How Can This Impact Health Care?

A breach can directly impact clinical workflow and the ability to deliver critical medical care:

  • OT networks and communications can become unavailable or be rendered inoperable
  • Organization-wide workflow disruptions
  • Loss of access by authorized personnel
  • Damage to productivity jeopardizes patient safety and confidentiality, can compromise business integrity, and can result in significant revenue losses

How Can Cynerio Help Mitigate the Threats?

Step 1: Understand the clinical impact of systems and assets before disconnecting them in order to ensure uninterrupted medical services and organizational workflow

Step 2: Disconnect low-priority functionalities from systems to decrease risk

Step 3: Harden your network with North-South and East-West segmentation, vendor access management, software updates, and patching

Step 4: Create a network map of all OT systems and assets

Step 5: Conduct continuous monitoring and cyber risk assessments

To schedule a free risk assessment and learn how your assets may be affected, contact us today.