The US Cybersecurity and Infrastructure Safety Company (CISA) and the Nationwide Safety Company (NSA) have collectively printed a brand new information to help system directors in securing identification and entry administration (IAM) infrastructure.
The doc is a part of the companies’ Enduring Safety Framework (ESF). It contains advisable finest practices to counter IAM threats associated to identification governance, environmental hardening, identification federation/single sign-on, multi-factor authentication (MFA) and IAM auditing and monitoring.
Within the information, CISA and NSA point out just a few assaults in recent times that leveraged vulnerabilities in IAM merchandise and implementations to focus on vital infrastructure.
“In 2021, compromised credentials have been used to assault and shut down the Colonial nationwide gasoline pipeline within the US,” reads the doc. “[Months earlier], an unknown attacker manipulated laptop methods in a Florida water remedy plant to extend the focus of sodium hydroxide within the water provide.”
The report additionally mentions the 2022 assault focusing on a water remedy plant in South Staffordshire, UK.
Learn extra on current vital infrastructure assaults right here: NCSC Issued 34 Million Cyber Alerts in Previous Yr
“Crucial infrastructure organizations have a specific duty to implement, keep and monitor safe IAM options and processes to guard not solely their very own enterprise features and knowledge but in addition the organizations and people with whom they work together,” reads the information.
To assist these companies in reaching greater ranges of safety, the information offers a framework to allow them to evaluate present IAM capabilities and threat posture. It highlights strategies to enhance areas, together with deciding on, layering, integrating and adequately configuring safe options.
System directors must also keep the suitable degree of safety to handle threat throughout continued operations, in addition to foster consciousness of appropriate IAM utilization and dangers.
The CISA advisory comes a few months after a SecurityScorecards report advised nearly half of all vital manufacturing organizations are at present weak to a breach.
