Wolf in Sheep's Clothing: NSA unveils ELITEWOLF tool to protect critical infrastructure

Carding 4 Carders

Can the new tool change the way we look at cybersecurity in ICS/OT?

Cybercriminals continue to actively attack US critical infrastructure, exploiting operational technology (OT) assets that are vulnerable and reachable from the Internet. In response to this threat, the US National Security Agency (NSA) introduced a repository for intrusion detection systems and OT analytics. The data was published on the NSA's GitHub in a repository called ELITEWOLF.

This decision was made due to the growing interest of foreign powers in US civilian infrastructure. The increased capabilities of adversaries, the vulnerability of OT systems, and other potential risks prompted the NSA to recommend that owners and operators of critical OT infrastructure use ELITEWOLF to protect their systems. This tool will be an important part of a continuous and vigilant monitoring program.

On the GitHub page, the developers of the new tool warn that it still needs to be thoroughly tested, and that the analytics it provides will not necessarily indicate malicious activity. The agency recommends that future users of ELITEWOLF conduct their own research to determine the accuracy of the built-in rules.

ELITEWOLF is presented as a continuation of the strategy for protecting operational technologies, as well as industrial management and control systems, from cyber attacks. This strategy has already been described in previous recommendations of the Agency.
 