CISA's CSAT Tool Hacked, Systems Taken Offline
The Cybersecurity and Infrastructure Security Agency (CISA) experienced a significant cyber incident when its Chemical Security Assessment Tool (CSAT) was targeted by malicious actors from January 23-26, 2024. This breach has led to serious concerns within the cybersecurity community.
Potential Exposure
The attack potentially exposed critical information, including:
- Top-Screen surveys
- Security Vulnerability Assessments
- Site Security Plans
- Personnel Surety Program (PSP) submissions
- CSAT user accounts
While there is no hard evidence that data was exfiltrated, the chance of unauthorized access required immediate action.
Response and Recommendations
In line with the Federal Information Security Modernization Act (FISMA), CISA swiftly informed participants in the Chemical Facility Anti-Terrorism Standards (CFATS) program about the breach and the possibly compromised information.
What Should You Do?
- Bolster Cyber and Physical Security Measures:
  - Although no credentials are confirmed to be stolen, CISA recommends resetting passwords, especially if you use the same password for multiple accounts.
- Ivanti Appliances:
  - If you are utilizing Ivanti appliances, it’s crucial to review the Cybersecurity Alert (AA24-060B) due to multiple vulnerabilities in Ivanti Connect Secure and Policy Secure Gateways.
- Notification of Individuals:
  - CISA did not collect address or contact information for individuals checked under the CFATS Personnel Surety Program. Hence, it cannot notify them directly.
Notification and Support
Facilities that received the CSAT Ivanti Notification Letter should inform individuals vetted under the CFATS Personnel Surety Program about the breach. CISA has provided a template letter for this notification. Alternatively, facilities can give contact information of these individuals to CISA so that CISA can manage the notifications.
Upcoming Webinars
CISA is organizing two webinars to help stakeholders understand the event better and answer common questions:
- Monday, June 24, 2024 at 2:30 PM ET (11:30 AM PT)
- Tuesday, July 9, 2024 at 2:30 PM ET (11:30 AM PT)
Takeaway: This incident is a stark reminder of the importance of strong cybersecurity practices. Reset your passwords, review security protocols, and stay informed through CISA's resources to maintain robust security.