Cyber entities continue to show a persistent interest in targeting critical infrastructure by taking advantage of vulnerable OT assets. To counter this threat, NSA has released a repository for OT Intrusion Detection Signatures and Analytics to the NSA Cyber GitHub.
The capability, known as ELITEWOLF, can enable defenders of critical infrastructure, defense industrial base, and national security systems to identify and detect potentially malicious cyber activity in their OT environments.
These signatures/analytics aren’t necessarily malicious activity. They require follow-up analysis to determine if this activity is malicious or not. The rules have been tested, but every system can be configured differently, so ensure that the signature is triggered properly or is adjusted as needed based on the sensors and the environment.