Warning of Cyberattacks on Backup Power Devices
WASHINGTON — There’s a new warning about cyberattacks on uninterruptible power supplies — essentially the backup batteries that allow near-continuous operation when there is a power failure.
The Federal Communications Commission issued this warning Thursday to communications companies that often use these backups to keep the power on continuously. When connected to the internet for power monitoring and maintenance, these uninterruptible power supplies can easily be attacked because of unchanged default usernames and passwords, according to the FCC.
When connected to the internet, these particular devices are susceptible to attacks because they operate on a simple network management protocol, which isn’t encrypted and allows easier access to people potentially conducting a cyberattack. Once someone can access that specific device, there is easier access to other devices on the same network.
This warning also comes from the Cybersecurity and Infrastructure Security Agency and the Department of Energy for anyone working in communications and critical infrastructure using these backup electric products. This comes as the country is under heightened awareness of cyberattacks on critical infrastructure as the United States mounts sanctions on Russia for its war in Ukraine.
Groups in Russia have been linked to cyberattacks on U.S. infrastructure, including the Colonial Pipeline ransomware attack in 2021 that cut off a main company gas pipeline.
The agency is asking companies to change usernames and passwords for these devices if they are set to the factory default. People can further protect their devices or systems by ensuring they are behind a virtual private network, enforcing multifactor authentication, and applying strong, long passwords.
People are encouraged to report cyberattacks and suspicious activity to CISA’s 24/7 operations center at [email protected] or 888-282-0870.
Madeline can be reached at [email protected]