Digital Guardian's Blog

Following SolarWinds, NSA Publishes OT Security Guidance for Fed Space

by Chris Brook on Monday May 3, 2021

To reduce malicious cyberattacks against operational technology (OT) following last year's SolarWinds attack, the National Security Agency has released an evaluation methodology for network owners.

Hot on the heels of guidance from CISA and NIST on how organizations can better defend against software supply chain attacks, the National Security Agency released instructions last week on how to fine-tune any operational technology setups following last year's SolarWinds attack.

This guidance is technically for agencies in the Defense Department and third-party military contractors; the NSA called on National Security System (NSS), Department of Defense (DoD), and Defense Industrial Base (DIB) owners to heed its advisory last Thursday.

The gist of the advisory is to highlight some of the dangers often inherent in connectivity. Operational technology, or OT, is essentially any technology - hardware or software - that can detect and control changes through the monitoring of industrial or manufacturing process equipment or assets.

While the basic warning here is simple - think twice and weigh the risk before connecting OT to an IT network - the NSA acknowledges that sometimes connectivity is necessary. When those times arise, have the right steps in place to prevent exploitation.

When connecting OT networks to IT networks, the NSA stresses having the appropriate mitigations in place, including the ability to limit access, actively monitor, log all access attempts, and cryptographically protect remote access vectors.

Until some of these mitigations, like monitoring, are in place, entities should also ensure that all remote access connections are disconnected and that an OT network map and OT network communication baseline have been established.
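To make the communication-baseline and monitoring steps concrete, here is an added example (not from the NSA advisory or the original post) that builds a baseline from a known-good flow capture and flags later flows that deviate from it, separating traffic that crosses the OT boundary from new talkers inside it. The OT subnet, addresses, ports and flow-record format are constructed assumptions.

```python
import ipaddress
from collections import namedtuple

# Constructed sample data: the OT subnet, hosts and ports are assumptions.
OT_NET = ipaddress.ip_network("10.20.0.0/24")
Flow = namedtuple("Flow", "src dst proto dport")

BASELINE_CAPTURE = [
    Flow("10.20.0.10", "10.20.0.50", "tcp", 502),     # HMI -> PLC, Modbus/TCP
    Flow("10.20.0.20", "10.20.0.50", "tcp", 44818),   # engineering ws -> PLC
    Flow("10.20.0.50", "10.20.0.5", "udp", 123),      # PLC -> local NTP
]

OBSERVED = [
    Flow("10.20.0.10", "10.20.0.50", "tcp", 502),     # already in baseline
    Flow("192.168.1.77", "10.20.0.20", "tcp", 3389),  # IT host -> OT, RDP
    Flow("10.20.0.20", "10.20.0.51", "tcp", 44818),   # OT-internal, not baselined
    Flow("10.20.0.50", "203.0.113.9", "tcp", 443),    # OT asset -> outside
]

def in_ot(addr):
    return ipaddress.ip_address(addr) in OT_NET

def build_baseline(flows):
    """The baseline is the set of distinct (src, dst, proto, dport) tuples."""
    return set(flows)

def classify(flow, baseline):
    """Return None for baselined traffic, otherwise a finding label."""
    if flow in baseline:
        return None
    src_ot, dst_ot = in_ot(flow.src), in_ot(flow.dst)
    if dst_ot and not src_ot:
        return "inbound-to-ot"       # access path into OT from elsewhere
    if src_ot and not dst_ot:
        return "outbound-from-ot"    # OT asset reaching outside the OT network
    if src_ot and dst_ot:
        return "new-ot-internal"     # new talker pair inside OT
    return "out-of-scope"            # neither endpoint is an OT asset

def audit(observed, baseline):
    """Return (label, flow) for every observed flow that deviates from the baseline."""
    labelled = ((classify(f, baseline), f) for f in observed)
    return [(label, f) for label, f in labelled if label not in (None, "out-of-scope")]

if __name__ == "__main__":
    for label, f in audit(OBSERVED, build_baseline(BASELINE_CAPTURE)):
        print(f"{label:18} {f.src} -> {f.dst} {f.proto}/{f.dport}")
```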

Of course, before even going through these steps, an organization needs to come to terms with the fact that it's better to leave an OT system unconnected, or islanded, when it comes to keeping it protected from threats. Even an occasionally connected OT system "can be a good compromise because it is only at risk when it is connected, which should only be done when required, such as for downloading updates or during times when remote access is required for a finite period of time."

The NSA also encourages entities to consider the cost of mitigating the risks that stem from connecting OT networks to an enterprise IT system, especially since many OT systems can be older, approaching end of life, and could prove costly when it comes to ensuring they're updated and secured from a wide-scale compromise.

"Mindfully prioritize and consider the risks before allowing enterprise IT-to-OT connections. While OT systems rarely require outside connectivity to properly function, they are frequently connected for convenience without proper consideration of the true risk and potential adverse business and mission consequences. Taking action now can help improve cybersecurity and ensure mission readiness," the NSA's guidance reads.

Tags: Cybersecurity

Chris Brook

Chris Brook is the editor of Data Insider. He is a technology journalist with a decade of experience writing about information security, hackers, and privacy. Chris has attended many infosec conferences and has interviewed hackers and security researchers. Prior to joining Digital Guardian he helped launch Threatpost, an independent news site which is a leading source of information about IT and business security for hundreds of thousands of professionals worldwide.