CISA’s CSAT Tool Hacked, Systems Taken Offline

Posted by Peter Tolan 2 years Ago

 

The Cybersecurity and Infrastructure Security Agency’s (CISA) Chemical Security Assessment Tool (CSAT) experienced a cybersecurity breach between January 23 and January 26, 2024, by a malicious actor.

This incident has caused significant concern within the cybersecurity community as it potentially exposed sensitive data including Top-Screen surveys, Security Vulnerability Assessments, Site Security Plans, Personnel Surety Program (PSP) submissions, and CSAT user accounts.

Despite the investigation revealing no evidence of data being extracted, the possibility of unauthorized access has led to immediate and proactive measures.

Response and Recommendations

In line with the Federal Information Security Modernization Act (FISMA), CISA quickly informed participants in the Chemical Facility Anti-Terrorism Standards (CFATS) program about the breach and the types of information that may have been compromised.

CISA is encouraging facilities to enhance their cyber and physical security practices. Although there is no indication that credentials were stolen, CISA advises all CSAT account holders to change their passwords, especially if they use the same password across multiple platforms, to prevent “password spraying” attacks.

CISA has also recommended that organizations using Ivanti appliances should consult the Cybersecurity Alert (AA24-060B) which details vulnerabilities in Ivanti Connect Secure and Policy Secure Gateways that could be exploited.

CISA noted that it does not hold address or contact information for individuals vetted under the CFATS Personnel Surety Program and therefore cannot directly contact those individuals.

Notification and Support

CISA has issued a CSAT Ivanti Notification Letter to facilities, asking them to notify individuals who were submitted for vetting under the CFATS Personnel Surety Program about the breach. Facilities can use a provided template letter for this communication. Alternatively, if facilities opt not to notify these individuals directly, they are asked to furnish CISA with the contact details of the affected personnel so that CISA may undertake the notifications.

To further assist stakeholders, CISA is hosting two webinars to discuss the details of the incident and respond to frequently asked questions.

These webinars are scheduled for Monday, June 24, 2024, at 2:30 pm ET (11:30 am PT) and Tuesday, July 9, 2024, at 2:30 pm ET (11:30 am PT).

Facilities impacted by the breach should send the contact information for affected personnel to [email protected]. This proactive communication will help manage the situation and mitigate potential risks arising from the breach.

Source: cybersecuritynews.com

Peter Tolan
View More Posts
Peter Tolan is a Junior Content Editor for the HIPTHER network, where he has quickly established himself as a versatile voice in the global iGaming and technology sectors. Operating across the network's specialized platforms, Peter leverages a deep understanding of the European and American gaming landscapes to deliver high-impact, B2B intelligence. He is a key contributor to the "Evolution" side of the industry, specializing in the analysis of online gaming trends, the fast-paced world of esports, and the integration of deep-tech innovations. With a sharp eye for emerging technologies, Peter ensures that the HIPTHER community remains at the forefront of the global digital revolution.