- CISA has issued a binding operational directive requiring the removal of unsupported peripheral devices
- They pose “disproportionate and unacceptable risks” that can be easily remedied
- All organizations should focus on renewing hardware, not just the government.
The US government’s Cybersecurity and Infrastructure Security Agency (CISA) has issued a new warning to federal agencies to remove edge devices that have reached or passed end of support (EOS) over security concerns.
US government agencies have been given the next year to remove affected devices and replace them with equipment still covered by vendors’ security updates.
The push comes against a backdrop of increasing cyberattacks, with threat actors targeting vulnerable devices that are no longer receiving security patches.
US government asked to remove unsupported devices
The agency described edge devices as those that can be accessed over the public Internet, such as firewalls, routers, switches, wireless access points, network security devices and IoT edge devices.
CISA said devices that are past their expiration date now pose “disproportionate and unacceptable risks” to federal systems. However, despite the risk that some agencies may pose to the US government, CISA said it is one that “can be remedied.”
“Agencies should mature their lifecycle management practices to identify hardware and software that are approaching their EOS dates, plan for timely replacements, procure vendor-supported alternatives, and develop a plan to decommission EOS devices while minimizing disruptions to agency operations,” the binding operational directive (BOD 26-02) reads.
CISA also reminded agencies of Memorandum M-22-09 (US Government Movement toward Zero Trust Cybersecurity Principles), whereby they should adopt measures such as multi-factor authentication (MFA), proper asset management, isolation of critical workloads, and data encryption to maximize security.
Although CISA does not plan to make a list of affected devices public, the agency encourages all organizations (not just federal agencies) to follow the guidance due to the growing threats and easy remediation.
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds. Be sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp also.
