The NSA and CISA have just issued advice to critical infrastructure operators on protecting their industrial control systems.


The National Security Agency (NSA) and the US Cybersecurity Agency (CISA) have just released a joint advisory explaining how to thwart cyberattacks targeting industrial control systems.

This 13-page document outlines what critical infrastructure operators need to know about their adversaries. It draws in particular on the recent cyberattacks against the Ukrainian energy network and the ransomware attack against a fuel distributor, a direct reference to the cyberattack that targeted Colonial Pipeline.


  • Fear of a cyber extension of the conflict

Indeed, there are growing fears that cyberattacks launched in the wake of Russia's invasion of Ukraine could extend to Western critical infrastructure. Earlier this year, CISA warned that attackers had built custom tools to take control of industrial control systems from major manufacturers.

The NSA and CISA document is a reminder that advanced attack groups, whether criminal or state-sponsored, target industrial control systems for political gain, economic advantage or destructive effect. Such attacks could lead to deaths, property damage and the collapse of critical national functions.

  • Know the threat

Short of these extreme scenarios, however, the range of possible disruptions is wide. “Operators of industrial control systems need to fully understand threats to better defend against them,” says Michael Dransfield, an NSA cyber defense expert. “We therefore expose the strategies of malicious actors to harden our systems and prevent their next attempts,” he adds.

As both agencies point out, industrial control systems can be supported by vulnerable, publicly available computer components. “Furthermore, a multitude of tools are readily available to target them. This is why there is a growing risk to industrial control systems,” say the NSA and CISA.

  • More vigilance

The attack surface is also growing as industrial computing is integrated into remotely controlled networks. The NSA notes that critical infrastructure operators must assume that their system will be targeted, not merely that it could be. It also offers simple strategies that operators can adopt.

These good practices include, in particular, limiting the disclosure of information about the hardware, software and operating systems in use. Operators are also encouraged to inventory and secure remote access points, perform regular security audits, and implement a dynamic network environment.

On this last point, the agencies note: “While it may be unrealistic for administrators to make non-critical changes on a regular basis, operators should consider periodically making changes to their network. A small change can go a long way to disrupting access previously gained by a malicious actor.”