Rising Ransomware Threat to Operational Technology Assets

OVERVIEW

In recent months, ransomware attacks targeting critical infrastructure have demonstrated the rising threat of ransomware to operational technology (OT) assets and control systems.[1]

OT components are often connected to information technology (IT) networks, providing a path for cyber actors to pivot from IT to OT networks.[2] Given the importance of critical infrastructure to national security and America’s way of life, accessible OT assets are an attractive target for malicious cyber actors seeking to disrupt critical infrastructure for profit or to further other objectives. As demonstrated by recent cyber incidents, intrusions affecting IT networks can also affect critical operational processes even if the intrusion does not directly impact an OT network.

All organizations are at risk of being targeted by ransomware and have an urgent responsibility to protect against ransomware threats. Critical infrastructure asset owners and operators should adopt a heightened state of awareness and voluntarily implement the recommendations listed in this document, including:

• Identify critical processes that must continue uninterrupted in order to provide essential services;

• Develop and regularly test workarounds or manual controls to ensure that critical processes—and the industrial control system (ICS) networks supporting them—can be isolated and continue operating without access to IT networks, if needed;

• Implement robust network segmentation between IT and OT networks; and

• Ensure backup procedures are implemented and regularly tested and that backups are isolated from network connections.

These steps will help critical infrastructure owners and operators improve their entity's functional resilience by reducing their vulnerability to ransomware and the risk of severe business degradation if affected by ransomware.