Safeguarding Network Assets: CISA's Directive
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a binding directive, Binding Operational Directive 23-02, to address the vulnerabilities associated with networked assets. These assets, which include routers, switches, firewalls, and other devices managed remotely over the web, have become a key factor in recent cyber exploits. In recent years, the number of cyberattacks that target these technologies has grown dramatically. The directive aims to mitigate the risks associated with internet-facing protocols and enhance the overall security of federal agencies and critical infrastructure.
Why the Directive has been Issued
The directive has been issued in response to recent threat campaigns that have highlighted the grave risks posed by improperly configured network devices. Malicious actors can use a range of techniques to exploit inadequate security, misconfigurations, and outdated software in these assets.
This directive aims to address these vulnerabilities and improve the security posture of federal agencies by reducing the likelihood of a data breach, unauthorized access, or disruption of critical services.
Actions Required by the Directive
CISA's directive, BOD 23-02, outlines several specific actions to be taken to identify misconfigurations in internet-facing assets. These actions include:
Network Scans: CISA will conduct scans of federal agency networks to identify web-connected "networked management interfaces" that pose vulnerabilities. This proactive approach helps agencies identify and assess potential risks.
Any interface that is accessible over network protocols and used for administrative activities of the following systems will be scanned for vulnerabilities:
- VPN concentrators
- Load balancers
- Out-of-band server management interfaces (such as iLO and iDRAC)
Notification and Remediation: Upon completing the scans, CISA will notify agencies about any findings related to web-connected assets. Agencies have 14 days after notification or self-discovery to remove the interface from the internet, making it accessible only from internal enterprise networks or via a separate security policy enforcement point.
Reporting and Support: CISA will provide agencies with a reporting dashboard and standard remediation plan templates if the required remediation efforts exceed the specified timeframes. This support aims to assist agencies in efficiently addressing vulnerabilities and reducing risks.
Who the Directive Applies to
The directive is compulsory for federal executive branch departments and agencies in the United States, which are required to follow the directive and its implementation guidance. For other organizations, CISA’s guidance should be considered best practice and can enhance the security and resilience of their critical infrastructure.
By addressing misconfigurations and vulnerabilities in internet-facing assets, any organization can safeguard sensitive information and ensure the continuity of essential operations. Hadrian’s platform scans the internet to identify vulnerabilities, misconfigurations and exposed sensitive files. To aid remediation, Hadrian automatically prioritizes risks and provides step-by-step instructions.