CISA and DOE Publish Cybersecurity Guidance to Protect UPS Devices


The Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Energy (DOE) are aware of threat actors gaining access to a variety of internet-connected uninterruptible power supply (UPS) devices, often through unchanged default usernames and passwords. In a CISA and DOE Insights, organizations are provided with recommended actions to mitigate attacks against UPS devices.

Organizations should immediately enumerate all UPSs and similar systems and ensure they are not accessible from the internet. In the rare situation where a UPS or similar system’s management interface must be accessible from the internet, these devices should have compensating controls, such as ensuring the device or system is behind a virtual private network, enforcing multifactor authentication, and applying strong, long passwords.

CISA and DOE recommend all organizations—regardless of size—review this joint Insights, apply recommended actions, and overall adopt a heightened posture when it comes to cybersecurity and protecting their most critical assets.

In addition to reviewing this joint Insights, CISA encourages critical infrastructure executives and senior leaders to review our “Shields Up” webpage at Also, organizations should report incidents and unusual activity to CISA 24/7 Operations Center at or (888) 282-0870.


Steve Lyddon
Protective Security Advisor, Region 5, Illinois
Cybersecurity and Infrastructure Security Agency
U.S. Department of Homeland Security
Cell: 217-299-3954