American cyber intelligence agencies are warning that unnamed advanced threat actors now have the ability to gain full system access to multiple industrial control system (ICS)/supervisory control and data acquisition (SCADA) devices.
The alert issued Wednesday by the U.S. Department of Energy, the Cybersecurity and Infrastructure Security Agency (CISA), the NSA and the FBI is particularly aimed at energy providers. But it also applies to any organization that uses ICS and SCADA devices.
The alert says the threat groups have the capability to access a number of devices, in particular:
- Schneider Electric programmable logic controllers (PLCs);
- OMRON Sysmac NEX PLCs;
- Open Platform Communications Unified Architecture (OPC UA) servers.
- isolating ICS/SCADA systems and networks from corporate and internet networks using strong perimeter controls, and limiting any communications entering or leaving ICS/SCADA perimeters;
- enforcing multifactor authentication for all remote access to ICS networks and devices whenever possible.