U.S. Critical Infrastructure must guard against malicious ransomware attacks by implementing standards-based encryption and multi-factor authentication at all access points to OT assets 

U.S. officials warn of potential ransomware attacks in response to increased sanctions on Russia and have asked state and local officials to consider how ransomware attacks could disrupt the provision of critical services. “Right now, the biggest concern we have are preparations for potential impacts to US utilities and industrial critical infrastructure.” (Dragos)

The threat of Ransomware attacks is emerging as a critical cyber risk for electric utilities in the United States as evidenced by the recently passed Infrastructure Investment and Jobs Act (“Act”) Public Law 117–58.  The Act specifically provides grant funding for municipal utilities to deploy advanced cybersecurity technologies to protect against, detect, respond to, or recover from a cybersecurity threat to enhance the security posture of electric utilities. 

Utility owners should consider implementing a Zero-Trust secure operational gateway for user access with Multi-Factor Authentication (MFA) for encryption and authentication at the critical assets to block hackers from gaining access to their industrial control system. Regardless of how a hacker attacks the networks, or OT access points, encryption at the OT asset mitigates the ransomware attack. 

The XONA Critical System Gateway (CSG) was explicitly designed to provide Zero-Trust secure user access for the OT environment. Our CSG directly addresses the requirement for encryption and authentication through hardware token-based multi-factor authentication (MFA), user session recording, user-to-asset monitoring, OT protocol isolation, encrypted screen remoting, and auditable connection logs. 

XONA CSG provides a simple and secure solution that can be deployed and functioning in less than a day to harden OT access connections securing critical infrastructure.