Act Now: Members are urged to address this information with the utmost scrutiny and timeliness.

The Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Energy published a joint Insights providing information on mitigating attacks against uninterruptable power supply (UPS) devices. UPS systems offer clean and emergency power in a variety of applications when normal input power sources are lost. The advisory notes the U.S. government is aware threat actors are gaining access to a variety of internet-connected UPS devices, typically via unchanged default usernames and passwords. The advisory lists recommended actions for organizations to take now and actions specific to incident response. The advisory stresses that entities “Immediately enumerate all UPSs and similar systems and ensure they are not accessible from the internet.” Access the Insights at CISA.