The Cybersecurity and Infrastructure Security Agency (CISA) recently made a collection of significant announcements impacting its structure and focus, and updated some key industrial control system advisories.
First, CISA announced that it is continuing to see active exploitation of internet-accessible operational technology (OT) and industrial control systems (ICS) devices used in the Water and Wastewater Systems (WWS) Sector. Exposed and vulnerable OT/ICS systems may allow cyber threat actors to use default credentials, conduct brute force attacks, or use other unsophisticated methods to access these devices and cause harm.
CISA is urging OT/ICS operators in critical infrastructure sectors to apply the recommendations listed in Defending OT Operations Against Ongoing Pro-Russia Hacktivist Activity to defend against this activity.
The agency also released a Secure by Design Alert, Eliminating Cross-Site Scripting Vulnerabilities, as a part of an ongoing effort to reduce the prevalence of vulnerability classes at scale. Vulnerabilities like cross-site scripting (XSS) continue to appear in software, enabling threat actors to exploit them. However, the agency also states that cross-site scripting vulnerabilities are preventable and should not be present in software products.
CISA and the FBI are urging business leaders to direct their technical teams to review past instances of these defects and create a strategic plan to prevent them in the future. Additional resources include the agency's Secure by Design resource page.
CISA also unveiled its Federal Civilian Executive Branch (FCEB) Operational Cybersecurity Alignment (FOCAL) Plan. Developed in collaboration with FCEB agencies, this plan provides standard, essential components of enterprise operational cybersecurity and aligns the collective operational defense capabilities across the federal enterprise. Currently, federal agencies maintain their own networks and system architectures, and they independently manage their cyber risk.
CISA’s FOCAL plan aligns the federal enterprise, empowering agencies to better address the dynamic cyber threat environment collectively. The plan recommends actions that substantively advance operational cybersecurity improvements and alignment goals.
Finally, the agency announced six new Industrial Control Systems advisories with information about current security issues, vulnerabilities, and exploits. They include:
- ICSA-24-263-01 Rockwell Automation RSLogix 5 and RSLogix 500
- ICSA-24-263-02 IDEC PLCs
- ICSA-24-263-03 IDEC CORPORATION WindLDR and WindO/I-NV4
- ICSA-24-263-04 MegaSys Computer Technologies Telenium Online Web Application
- ICSA-24-263-05 Kastle Systems Access Control System
- ICSA-20-168-01 Treck TCP/IP (Update I)
CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.