The Canadian Centre for Cyber Security (Cyber Centre) has joined the Cybersecurity and Infrastructure Security Agency (CISA), and the following international partners in releasing joint guidance to highlight and safeguard against the continued malicious cyber activity conducted by pro-Russia hacktivists against operational technology (OT) devices:
- Federal Bureau of Investigation (FBI)
- National Security Agency (NSA)
- Environmental Protection Agency (EPA)
- Department of Energy (DOE)
- United States Department of Agriculture (USDA)
- Food and Drug Administration (FDA)
- Multi-State Information Sharing and Analysis Centre (MS-ISAC)
- United Kingdom’s National Cyber Security Centre (NCSC-UK)
Pro-Russia hacktivists seek to compromise small-scale OT systems in North American and European water and wastewater systems, dams, energy, food and agriculture sectors. They do this by compromising modular industrial control systems and hardware, such as connected human machine interfaces (HMIs), by exploiting virtual network computing remote access software and default passwords.
The joint guidance shares information and mitigations associated with recent cyber operations against OT and urges OT operators to apply the recommended mitigations.
Organizations should safeguard against cyber threats to their OT systems by:
- hardening HMIs
- strengthening their security posture
- limiting adversarial use of common vulnerabilities
Device manufacturers should build products that are secure by design and by default, and ensure their products:
- eliminate default passwords
- mandate multi-factor authentication for privileged users
- include logging at no additional charge
- publish software bills of materials
Read the joint guidance Defending OT Operations Against Ongoing Pro-Russia Hacktivist Activity.