CISA finally issues guidance on cyber issues with Uninterruptible Power Supplies (UPSs)

After years of prodding and multiple UPS cyber incidents (, March 29, 2022, CISA has finally stepped up and issued guidance on some aspects of UPS cyber vulnerabilities –

This is certainly welcome progress.  However, more work is still needed to address other aspects of insecure building and data center control systems: insecure process sensors, Power Distribution Units, insecure UPS protocols such as Simple Network Management Protocol (SNMP), Modbus, and BACnet (even with the use of VPNs), etc. Hopefully, CISA extends its work to these issues as well.

Control Systems Cybersecurity Expert, Joseph M. Weiss, is an international authority on cybersecurity, control systems and system security. Weiss weighs in on cybersecurity, science and technology, security emerging threats and more.