Building a Resilient World:
The ISAGCA Blog

Welcome to the official blog of the ISA Global Cybersecurity Alliance (ISAGCA).

This blog covers topics on automation cybersecurity such as risk assessment, compliance, educational resources, and how to leverage the ISA/IEC 62443 series of standards.

The material and information contained on this website is for general information purposes only. ISAGCA blog posts may be authored by ISA staff and guest authors from the cybersecurity community. Views and opinions expressed by a guest author are solely their own, and do not necessarily represent those of ISA. Posts made by guest authors have been subject to peer review.

CISA Shields Up Advisory: Potential Russian Cyber Attack Escalation

The Cybersecurity & Infrastructure Security Agency (CISA), the United States’ cyber defense agency, has issued a recommendation for US companies to be on high alert for potential cyber attacks from the Russian government.

According to the advisory, “The Russian government understands that disabling or destroying critical infrastructure—including power and communications—can augment pressure on a country’s government, military and population and accelerate their acceding to Russian objectives.”

Organizations are always at risk from cyber threats, but more organizations in more sectors have seen attacks over the last few years. In 2015, Russia delivered a crippling attack on Ukraine’s power grid, resulting in outages for nearly 230,000 customers. The attack took place during a Russian military invasion, and it is the first publicly acknowledged successful cyberattack on a power grid. The advanced persistent threat group known as "Sandworm" is thought to be the orchestrator of that attack.

CISA’s recommendations are centered around being proactive, rather than reactive, when facing cybersecurity threats. Adopting industry standards is recognized as the best way to consistently mitigate risk and ensure a strong posture against cyber-attacks.

The ISA/IEC 62443 series of standards is the world’s only consensus-based cybersecurity standard for automation and control system applications. These standards codify hundreds of years of operational technology and IoT cybersecurity subject matter expertise. Using the ISA/IEC 62443 series of standards as a foundation, companies can focus on adopting security as part of the operations lifecycle, ensuring compliance with various aspects of the standards across their supply chains, and including cybersecurity in operational risk-management profiles.

In addition to leveraging the ISA/IEC 62443 standards, companies should be thinking about the following aspects of defense given the recent geopolitical climate:

  • Validating that all remote access to the organization’s network and privileged or administrative access requires multi-factor authentication
  • Ensuring that software is up to date, prioritizing updates that address known exploited vulnerabilities identified by CISA
  • Confirming that the organization’s IT personnel have disabled all ports and protocols that are not essential for business purposes; if the organization is using cloud services, ensure that IT personnel have reviewed and implemented strong controls outlined in CISA's guidance
  • Ensuring that cybersecurity/IT personnel are focused on identifying and quickly assessing any unexpected or unusual network behavior. Encourage low-threshold reporting and consistent logging of issues
  • If working with Ukrainian organizations, take extra care to monitor, inspect, and isolate traffic from those organizations; closely review access controls for that traffic. If you are a small or medium-sized firm in Ukraine, check out Dragos’ recent offer to onboard your organization at no cost (first come, first served)
  • Designating a crisis-response team with main points of contact for a suspected cybersecurity incident and roles/responsibilities within the organization, including technology, communications, legal and business continuity; get engaged in ICS4ICS long-term to have a proven plan for responding to incidents
  • Testing backup procedures to ensure that critical data can be rapidly restored if the organization is impacted by ransomware or a destructive cyberattack; ensure that backups are isolated from network connections

CISA urges cybersecurity, OT, and IT personnel at every organization to review "Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure." CISA also recommends that organizations visit StopRansomware.gov, a centralized, whole-of-government webpage providing ransomware resources and alerts.

Jennifer Halsey
Jennifer Halsey was the director of marketing and communications for ISA.
