CISA orders state infrastructure to be put offline

Federal U.S. government agencies were ordered two weeks ago to take offline interfaces of routers, switches, firewalls, VPN’s, load balancers and proxies that can be accessed from the Internet, but hundreds of Web interfaces are still online, according to security firm Censys. The order issued earlier this month came from the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA). That states that attackers are increasingly managing to compromise organizations via misconfigured network devices.

In recent months, a variety of vulnerabilities have been found in network devices that can be exploited through the management interface, for example. It also happens that the devices are misconfigured or otherwise poorly secured. “The risk is further increased if management interfaces can be accessed directly from the public Internet. Most management interfaces are designed to be accessed from separate physical interfaces or management networks and should not be accessible from the public Internet,” CISA said.

CISA has the ability to require federal government agencies to take certain actions through a “Binding Operational Directive.” The latest Binding Operational Directive, numbered “23-02,” aims to eliminate the risks of “Internet exposed management interfaces.” These are management interfaces v