Western cyber agencies warn about threats to industrial operational technology

A group of Western cyber agencies warned on Wednesday about the growing digital threats facing the operational technology at the heart of industrial systems.

New guidance issued by Britain’s National Cyber Secure Centre (NCSC), a part of signals and cyber intelligence agency GCHQ, sets out how organizations should securely connect equipment such as industrial control systems, sensors and other critical services.

These types of technology are often at the heart of critical infrastructure, from energy generation plants through to water treatment facilities, manufacturing lines and transportation networks.

While historically air gapped from the internet, many of these systems are now remotely monitored and managed, increasing efficiency but also the potential attack surface for malicious actors.

According to the security agencies involved in the guidance, a wide range of groups are increasingly targeting industrial environments, from ransomware gangs to state-backed hackers and other cyber threats.

“Exposed and insecure OT connectivity is known to be targeted by both opportunistic and highly capable actors,” warns the guidance, citing a joint advisory calling out China state-sponsored cyber activity issued in June 2023.

It also highlighted another advisory, issued by the U.S. Cybersecurity and Infrastructure Agency (CISA) and updated last month, that warned pro-Russia hacktivists were conducting opportunistic attacks against global critical infrastructure.

U.S. agencies, including CISA and the FBI, the Dutch and German cybersecurity agencies, and fellow Five Eyes cyber partners from Australia, Canada and New Zealand, co-authored the guidance.

It stresses the importance of network segmentation, strong authentication, monitoring and minimizing remote access paths to prevent disruptive attacks impacting essential services and potentially causing real-world harm.

As revealed by Recorded Future News last November, hackers have launched five cyberattacks against Britain's drinking water suppliers since the beginning of last year, according to reports filed with the drinking water watchdog and partially disclosed under freedom of information laws.

None of the attacks impacted the safe supply of drinking water itself, but instead affected the organizations behind those supplies. The incidents, a record number in any two-year period, highlight what British intelligence warns is an increasing threat posed by malicious cyber actors to the country’s critical infrastructure.

In a statement accompanying the release of the guidance, the NCSC’s chief technology officer Ollie Whitehouse warned it was “vital cyber security is treated as a foundational requirement that supports physical safety outcomes, uptime and service continuity.”

“Co-created with international partners and with extensive industry collaboration, the new NCSC guidance offers a clear, practical framework for designing and maintaining secure connectivity, reducing attack surface and boosting resilience,” said Whitehouse.

“We strongly recommend OT practitioners worldwide follow the eight key principles to help make confident, security-led decisions that will safeguard critical services and strengthen trust in connected systems.”