NSA Offers OT Security Guidance in Wake of SolarWinds Attack
May 20, 2021
Compliance
May 4, 2021
Compliance
Compliance Twitter Get Permission
The U.S. National Security Agency is offering operational technology security guidance for the Defense Department as well as third-party military contractors and others in the wake of the SolarWinds supply chain attack.
In the warning, the NSA notes that a stand-alone, unconnected, or “islanded, OT system is safer from outside threats than one connected to an enterprise IT system with external connectivity. Each connection between an IT system and an isolated OT system increases the attack surface, so administrators should ensure only the most imperative IT-OT connections are allowed and that these are hardened to the greatest extent possible to prevent a possible attack.
NSA Offers OT Security Guidance in Wake of SolarWinds Attack govinfosecurity.com - get the latest breaking news, showbiz & celebrity photos, sport news & rumours, viral videos and top stories from govinfosecurity.com Daily Mail and Mail on Sunday newspapers.
The NSA is offering operational technology security guidance for the Defense Department as well as third-party military contractors and firms in the wake of the
OPINION - From Teutonic Knights to NATO: Understanding Russia s invasion paranoia aa.com.tr - get the latest breaking news, showbiz & celebrity photos, sport news & rumours, viral videos and top stories from aa.com.tr Daily Mail and Mail on Sunday newspapers.
Get Permission
The Cybersecurity and Infrastructure Security Agency is investigating whether five government agencies may have been breached when attackers exploited vulnerabilities in Pulse Connect Secure VPN products, according to a senior agency official.
Earlier this month, researchers at the security firm FireEye published a report about attack groups attempting to exploit four Pulse Connect Secure vulnerabilities, including a zero-day flaw discovered in April that s now tracked as CVE-2021-22893.
Ivanti, the parent company of Pulse Secure, has issued a mitigation fix for the zero-day vulnerability and has urged customers to apply it.
Following the disclosure by FireEye and Ivanti, CISA issued an emergency directive requiring executive branch agencies to run tests using the Pulse Connect Secure Integrity Tool to check the integrity of file systems within their networks and report back the results to the agency on April 23.