Cybercriminals are actively attacking American critical infrastructure by exploiting vulnerabilities in internet-connected operational technology (OT). To address this ongoing threat, the US National Security Agency (NSA) has introduced a new repository for detecting and analyzing OT intrusions. The NSA has made this data available to the public through its GitHub repository, called Elitewolf.
This move by the NSA is motivated by the increasing interest of foreign powers in targeting the United States’ civilian infrastructure. With the adversaries’ capabilities growing and the vulnerabilities in OT systems posing potential risks, the NSA strongly advises owners and operators of critical infrastructure OT to utilize Elitewolf. This tool will play a crucial role in their continuous and vigilant system monitoring efforts.
However, the developers of Elitewolf caution that the tool still needs thorough testing and that the analytical data it provides does not necessarily indicate malicious activity. The agency advises future users to conduct their own research to verify the accuracy of the integrated rules.
Elitewolf is presented as part of the ongoing strategy to protect against cyber threats targeting operational technology, industrial control systems, and command systems. This strategy has already been described in the cybersecurity recommendations issued by the department.