This blog was updated Jan. 7, 2020 with additional information.
The U.S. Department of Homeland Security (DHS) has issued a National Terrorism Advisory bulletin warning of a potential cyberattack by Iran in the wake of a U.S. drone attack that killed a senior Iranian military commander.
The advisory notes that there is currently no information about a specific, credible threat to the U.S.; however, the DHS warns that Iran maintains a robust cyber program and “is capable, at a minimum, of carrying out attacks with temporary disruptive effects against critical infrastructure in the United States.”
It’s Time to Perform a Cyber Security Health Check
The DHS Advisory urges proactive preparations including “basic cyber hygiene”.
We couldn’t agree more. Based on many years of helping critical infrastructure increase its cyber resiliency, we know that a few simple steps can make all the difference in protecting an organization against operational disruptions.
We discussed the potential threat today with Nozomi Networks Advisor and former Under Secretary for the National Protection and Programs Directorate (NPPD) at the U.S. Department of Homeland Security (DHS), Suzanne Spaulding.
“Iran has already demonstrated intent and capability to attack inside the U.S. as well as a high tolerance for escalating risk, specifically during the 2011 plot to assassinate the Saudi Ambassador to the U.S. Therefore, current risk of escalatory action by Iran is particularly high, given that ‘red lines’ are not clearly defined in cyberspace and the Iranian government will be under intense internal pressure to take strong action.”
Suzanne Spaulding, Nozomi Networks Advisor
At this time, critical infrastructure organizations, including energy, transportation, water, manufacturing, communications, and other services that support everyday life, should be particularly vigilant with respect to their standard cyber security practices for operational assets.
We suggest performing a cyber security health check, following best practices, such as:
- Ensure that your assets are updated with the latest software/firmware version.
- Apply a health-check on your network infrastructure. Ensure that correct network segregation and firewall policies are in place.
- Apply a health-check on your SIEM solution and complementary systems (Anti-Virus, IDS, etc.). Ensure that all the nodes are monitored and that there are no anomalies in the network traffic.
- Sanitize access and authorization. Verify that proper authentication schemes and policies are used (2FA, strong passwords), and that old credentials and expired digital certificates are revoked.
- Remain vigilant against suspicious emails or external devices that are allowed in your environment (USB, mobile phones, etc.).
- Maintain a robust security awareness program for the employees of the organization. Establish periodic training sessions and ensure that all employees in the corporate ladder are participating.
- Revisit your business continuity plan. Confirm that, in case of a successful cyber-attack, proper backup schemes and recovery policies are in place.
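Three of the checklist items above (current firmware, revoked or expired certificates, and every node actually being monitored) can be turned into a repeatable check over an asset inventory. The following is an added example written for this post, not Nozomi Networks code; the inventory, vendor baseline versions, and SIEM last-seen timestamps are constructed sample data.

```python
from datetime import datetime, timedelta

# Constructed sample inventory (not real assets): firmware currently running,
# TLS certificate expiry date, and when the SIEM last received an event.
ASSETS = [
    {"id": "plc-01", "model": "plc-a", "fw": "2.3.1",
     "cert_expiry": "2020-09-30", "last_seen": "2020-01-07T08:55:00"},
    {"id": "plc-02", "model": "plc-a", "fw": "2.1.0",
     "cert_expiry": "2019-12-15", "last_seen": "2020-01-07T08:58:00"},
    {"id": "rtu-07", "model": "rtu-b", "fw": "5.0.2",
     "cert_expiry": "2020-01-20", "last_seen": "2020-01-06T17:00:00"},
    {"id": "hmi-03", "model": "hmi-c", "fw": "1.4.0",
     "cert_expiry": "2021-01-01", "last_seen": None},
]
# Constructed vendor baseline: latest released firmware per model.
BASELINE_FW = {"plc-a": "2.3.1", "rtu-b": "5.0.2", "hmi-c": "1.4.0"}

def parse_version(v):
    """Turn '2.10.1' into (2, 10, 1) so versions compare numerically."""
    return tuple(int(x) for x in v.split("."))

def health_check(assets, baseline, now, max_silence=timedelta(hours=1),
                 cert_warn=timedelta(days=30)):
    """Return (asset_id, finding) pairs for every checklist failure found."""
    findings = []
    for a in assets:
        # Checklist item 1: the asset runs the latest software/firmware.
        if parse_version(a["fw"]) < parse_version(baseline[a["model"]]):
            findings.append((a["id"], "outdated-firmware"))
        # Checklist item 4: expired (or soon-to-expire) digital certificates.
        expiry = datetime.fromisoformat(a["cert_expiry"])
        if expiry <= now:
            findings.append((a["id"], "expired-certificate"))
        elif expiry - now <= cert_warn:
            findings.append((a["id"], "certificate-expiring"))
        # Checklist item 3: every node is actually feeding the SIEM.
        if a["last_seen"] is None:
            findings.append((a["id"], "unmonitored"))
        elif now - datetime.fromisoformat(a["last_seen"]) > max_silence:
            findings.append((a["id"], "stale-monitoring"))
    return findings

def run_check(now_iso="2020-01-07T09:00:00"):
    """Run the check against the sample inventory at a fixed point in time."""
    return health_check(ASSETS, BASELINE_FW, datetime.fromisoformat(now_iso))

if __name__ == "__main__":
    for asset_id, finding in run_check():
        print(f"{asset_id}: {finding}")
```

In practice the inventory would come from the asset discovery tool and the baseline from vendor advisories; the thresholds are starting points to tune per site.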
We also suggest leveraging security tools that provide broad operational visibility, continual network monitoring, and detection of system anomalies. The current situation demands renewed scrutiny around unusual activity, and immediate investigation of possible incidents.
Nozomi Networks Labs: Defending Critical Infrastructure Against Cyber Risks
The Nozomi Networks Labs team works with a broad range of security experts and leading institutions to find new and better ways to improve industrial cyber security.
Similar to our recommendations for all critical infrastructure organizations, Nozomi Networks Labs is continually monitoring for emerging threats. For example, our OT ThreatFeed service, which is produced and curated by the Labs team, delivers up-to-date threat intelligence to the Nozomi Networks Guardian solution, making it easy to detect threats and vulnerabilities within OT and IoT environments.
“A critical part of neutralizing threats before they can migrate to operational systems, or between IT and OT networks, involves early warning. We can’t stress enough the importance of continuous monitoring, not just when these kinds of advisories are raised. Otherwise it may be too late to contain the enemy already in your network.”
Moreno Carullo, Co-founder and Chief Technical Officer
Nozomi Networks is committed to keeping our customers informed should new information on the potential cyberattack become available. The Nozomi Networks Labs team and field support staff are also on standby should clients need assistance.
Related Content to Download
“Improving ICS Cyber Security for Substations and Power Grids”
Read this document to learn:
- Technical challenges that must be solved for power grid security
- Sample architectures for cyber resiliency
- Cyber security use cases
- Operational visibility use cases
- How passive ICS anomaly detection works
- Expert insights on securing substations and grids
- Real-time cyber security and visibility solution requirements
- DHS NTAS Bulletin: Summary of Terrorism Threat to the U.S. Homeland
- Research Paper: TRITON: The First ICS Cyber Attack on Safety Instrument Systems
- Research Paper: GreyEnergy: Dissecting the Malware from Maldoc to Backdoor
- Blog: What You Need to Know About LookBack Malware & How to Detect It
- Webpage: Nozomi Networks Labs – Defending Critical Infrastructure Against Cyber Risk
- Executive Brief: Business Leaders Need to Quickly Shift Focus to Industrial Cyber Security
- White Paper: Advancing ICS Visibility and Cyber Security with the Nozomi Networks Solution
- Solution Brief: Nozomi Networks – Real-time Cyber Security and Visibility for Industrial Control Networks
Moreno Carullo, Co-Founder and Chief Technical Officer
Armed with a Ph.D. in Artificial Intelligence and an extensive background in systems engineering and software development, Moreno Carullo has led the way in redefining the ICS cyber security product category. A long-time member of the IEC TC57 WG15 subcommittee, he is also actively working to shape cyber security standards for power system communication protocols. As Founder and Chief Technical Officer at Nozomi Networks, Moreno leads an exceptionally talented software development team that uses agile development to quickly address the cyber security requirements of enterprise customers and partners.