CISA finally issues guidance on cyber issues with Uninterruptible Power Supplies (UPSs)

March 29, 2022
After years of prodding and multiple UPS cyber incidents (https://www.controlglobal.com/blogs/unfettered/cyber-vulnerable-uninterruptible-power-supplies-upss-have-caused-physical-damage-to-data-centers), March 29, 2022, CISA has finally stepped up and issued guidance on some aspects of UPS cyber vulnerabilities - https://www.cisa.gov/sites/default/files/publications/CISA-DOE_Insights-Mitigating_Vulnerabilities_Affecting_Uninterruptible_Power_Supply_Devices_Mar_29.pdf. This is certainly welcome progress.  However, more work is still needed to address other aspects of insecure building and data center control systems: insecure process sensors, Power Distribution Units, insecure UPS protocols such as Simple Network Management Protocol (SNMP), Modbus, and BACnet (even with the use of VPNs), etc. Hopefully, CISA extends their work to these issues as well.

After years of prodding and multiple UPS cyber incidents (https://www.controlglobal.com/blogs/unfettered/cyber-vulnerable-uninterruptible-power-supplies-upss-have-caused-physical-damage-to-data-centers), March 29, 2022, CISA has finally stepped up and issued guidance on some aspects of UPS cyber vulnerabilities - https://www.cisa.gov/sites/default/files/publications/CISA-DOE_Insights-Mitigating_Vulnerabilities_Affecting_Uninterruptible_Power_Supply_Devices_Mar_29.pdf. This is certainly welcome progress.  However, more work is still needed to address other aspects of insecure building and data center control systems: insecure process sensors, Power Distribution Units, insecure UPS protocols such as Simple Network Management Protocol (SNMP), Modbus, and BACnet (even with the use of VPNs), etc. Hopefully, CISA extends their work to these issues as well.

Joe Weiss

About the Author

Joe Weiss | Cybersecurity Contributor

Joe Weiss P.E., CISM, is managing partner of Applied Control Solutions, LLC, in Cupertino, CA. Formerly of KEMA and EPRI, Joe is an international authority on cybersecurity. You can contact him at [email protected]

Sponsored Recommendations

The tiny EZminiWiFi is a godsend for the plant maintenance engineers who need to make a minor modification to the HMI program or, for that matter, the PLC program. It's very easy...
Discover the benefits of American-made automation products, including stable pricing, faster delivery, and innovative features tailored to real-world applications. With superior...
Over the past 50 years, the automation technology landscape has changed dramatically, but many of the underlying industry needs remain unchanged. To learn more about what’s changed...
Watch EZAutomation's recent feature on the popular FOX Network series "Manufacturing Marvels" and discover what makes them a force to be reckoned with in industrial automation...