In a joint advisory with the Department of Energy, the Cybersecurity and Infrastructure Security Agency (CISA) warned U.S. organizations this week to secure internet-connected uninterrupted power supply (UPS) devices from ongoing attacks.
Used as emergency power backup solutions for a variety of digital computing environments, UPS devices are widely used, making this a critical security alert.
UPS units connected to the Internet allow admins to perform various remote tasks such as power monitoring and routine maintenance, which also exposes them to attacks.
What to do:
- Locate all UPSs and other such emergency power systems on your network and make sure they’re not connected to the internet. If they must be connected to the internet, there are a variety of recommended tactics to deploy. Get more detailed information by viewing this PDF on the CISA.org website. (that whole previous sentence can be linked to this URL https://www.cisa.gov/sites/default/files/publications/CISA-DOE_Insights-Mitigating_Vulnerabilities_Affecting_Uninterruptible_Power_Supply_Devices_Mar_29.pdf)
- Make sure the password(s) are not the initial, factory default ones, and make sure new passwords utilize all best practices for strong passwords.
- Implement logout/timeout features.
Remember, the CISA, and Citynet recommends all organizations—regardless of size—adopt a heightened posture when it comes to cybersecurity and protecting their most critical assets.
Make sure you are doing all you can to protect your network, devices, employees, and customers – contact Citynet today. Call us, anytime at 800.881.2638
