
U.S. Coast Guard and CISA Issue Joint Cybersecurity Advisory

A proactive threat hunt identified vulnerabilities within an organization.

 

A joint effort by the U.S. Coast Guard (USCG) and Cybersecurity and Infrastructure Security Agency (CISA) has helped identify cybersecurity risks across sectors. An advisory released by the USCG and CISA hunt team encourages proactivity.

“CISA led a proactive hunt engagement at a U.S. critical infrastructure organization with the support of USCG analysts,” the report states. “During hunts, CISA proactively searches for evidence of malicious activity or malicious cyber actor presence on customer networks.”

According to the report, the unnamed organization invited CISA to conduct the proactive hunt.

While malicious cyber activity or presence was not detected during the operation, various vulnerabilities were found. The list of cybersecurity risks includes insecurely stored credentials, unrestricted remote access, insufficient logging and more.

Along with listing all potential vulnerabilities, the report recommends mitigations for all risks. It highlights the National Institute of Standards and Technology’s Cross-Sector Cybersecurity Performance Goals and the USCG Cyber Command’s 2024 Cyber Trends and Insights in the Marine Environment Report.

The mitigations were listed in order of importance, with password storage taking precedence. “Do not store passwords or credentials in plaintext,” the report reads. “Instead, use secure password and credential management solutions such as encrypted password vaults, managed service accounts or built-in secure features of deployment tools.”

Another finding was insufficiently configured network segmentation between information technology (IT) and operational technology environments. “Standard user accounts could directly access the supervisory control and data acquisition (SCADA) virtual local area network (VLAN) directly from IT hosts,” the advisory states.

The third key finding referenced log retention and implementation, citing the organization’s insufficient event logging system.

“The absence of comprehensive and detailed logs, along with a lack of an established baseline for normal network behavior, prevented CISA from performing thorough behavior and anomaly-based detection.”

Read the full joint CISA and USCG cybersecurity advisory.

 
