Cyber actors have demonstrated their continued willingness to conduct malicious cyber activity against critical infrastructure by exploiting Internet-accessible and vulnerable Operational Technology (OT) assets. To counter this threat, NSA has released a repository for OT Intrusion Detection Signatures and Analytics to the NSA Cyber GitHub. The capability, known as ELITEWOLF, can enable defenders of critical infrastructure, defense industrial base, and national security systems to identify and detect potentially malicious cyber activity in their OT environments.
Civilian infrastructure has become an attractive target for foreign powers attempting to do harm to U.S. interests. Because of the increase in adversary capabilities, the vulnerability of OT systems, and the potential scope of impact, NSA recommends that OT critical infrastructure owners and operators implement ELITEWOLF as part of a continuous and vigilant system monitoring program.
For more detailed information, visit the ELITEWOLF page on NSA’s GitHub.
ELITEWOLF is being released as a follow-up to the Protect Operational Technologies and Control Systems against Cyber Attacks Cybersecurity Advisory.