News & Views
Tenable comments on OT attacks
“Today’s joint alert (https://us-cert.cisa.gov/ncas/alerts/aa20-205a) from the NSA and CISA about malicious activity targeting operational technology (OT) and critical infrastructure should be taken very seriously. Don’t be fooled – this isn’t a warning about the possibility of attacks. This is a warning that attacks have occurred and are ongoing as we speak,” says Marty Edwards, former Director of ICS-CERT and VP of OT Security, Tenable (www.tenable.com).
“OT is foundational to absolutely everything we do – from the energy we rely on, to the factories manufacturing medical devices, to the water we drink. The country runs on OT. While our reliance on OT has only increased, so too has the convergence of IT and OT. Internet-accessible OT devices are significantly more exposed to outside threats than the near-extinct air-gapped systems of old.”
“Organizations that utilize OT must remain vigilant and ensure they have complete, real-time visibility across their environments, including IT and OT assets and their associated vulnerabilities,” adds Edwards. “From there, security teams need to prioritize risk-based mitigations such as vulnerability severity, exploitability and asset criticality.”