CISA Issues Emergency Directive Requiring Federal Agencies to Patch Critical Vulnerability

The Cybersecurity and Infrastructure Security Agency (CISA) issued Emergency Directive (ED) 21-02 today requiring federal civilian departments and agencies running Microsoft Exchange on-premises products to update or disconnect the products from their networks until updated with the Microsoft patch released yesterday. It also requires agencies who are currently able to do so to collect forensic images.
Last Published Date: March 3, 2021

Protect Operational Technologies and Control Systems against Cyber Attacks

Cyber actors have demonstrated their willingness to conduct cyber attacks against critical infrastructure by exploiting Internet-accessible Operational Technology (OT) assets. Due to the increase in adversary capabilities and activities, the criticality to U.S. national security and way of life, and the vulnerability of OT systems, civilian infrastructure makes attractive targets for foreign powers attempting to harm to US interests or retaliate for perceived US aggressive.
Last Published Date: February 5, 2021

CISA Insights

Informed by U.S. intelligence and real-world events, each CISA Insight provides background information on particular cyber or physical threats the nation’s critical infrastructure, as well as a ready-made set of mitigation activities that non-federal partners can implement. This page is continuously updated to reflect new CISA Insights as they are made available.

CISA Statement on Iranian Cybersecurity Threats

In response to reports of an increase in cybersecurity threats, the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) Director Christopher C. Krebs issued the following statement:

“CISA is aware of a recent rise in malicious cyber activity directed at United States industries and government agencies by Iranian regime actors and proxies. We will continue to work with our intelligence community and cybersecurity partners to monitor Iranian cyber activity, share information, and take steps to keep America and our allies safe.

Last Published Date: February 5, 2021