XONA Blog

"Shields Up" Strategy - the New Reality for U.S. Critical Infrastructure

Written by Bill Moore | Feb 27, 2022 5:00:00 AM

U.S. Critical Infrastructure must guard against malicious cyber-attacks by implementing encryption and authentication at all access points for connected OT assets or continue to face an increased level of cyber risk.

Russian hackers are attempting to broadly penetrate Ukrainian infrastructure to disrupt critical services such as electricity, transportation, finance, and telecommunications.

US Government urges US Critical Infrastructure owners to harden their systems and implement a “shields up” strategy.  As tensions escalate, Russian cyberattacks could seek to disrupt US electricity, gas, and other systems, warn the FBI and Department of Homeland Security.  Biden says, 'we are prepared to respond if Russia launches cyberattack against the US.'

OT systems need to implement a Zero-Trust secure operational gateway for user access with Multi-Factor Authentication (MFA) for encryption and authentication at the asset connection to stop the attack before gaining access to an industrial control system.  Regardless of how a hacker attacks the IT systems,  networks, or OT access points, encryption at the OT asset mitigates the attack.

The XONA Critical System Gateway (CSG) was explicitly designed to provide Zero-Trust secure user access for the OT environment. Our CSG directly addresses the requirement for encryption and authentication through hardware token-based multi-factor authentication (MFA), user session recording, user-to-asset monitoring, OT protocol isolation, encrypted screen remoting, and auditable connection logs.

8 Immediate Risk Mitigation Steps to Protect Critical Infrastructure Systems

  • Identify all data communication protocols communicating on the OT network (East-West) and from OT Network to IT Network or Internet (North-South)
  • Ensure all communication from IT/Internet to OT network is encrypted
  • Ensure no data-in-transit for any user sessions not associated with a multi-factor authenticated session.
  • Isolate all data communication protocols to OT network
  • Ensure all user access session data to critical OT systems is logged and recorded.
  • Ensure plant-level controls for allowing remote access through software “lockbox and virtual wait lobby including visual and audible alarms.
  • Monitor all non-read only user access sessions
  • Verify acceptable risk level for access to critical assets through asset monitoring, threat (IOC) feeds, and vulnerability detection tools.
XONA CSG provides a “ shields up” solution that can be deployed and functioning in less than a day to harden OT access connections securing critical infrastructure.
View full post