Emergency Directive 21-01 for Widespread Cyber Exploitation
The DHS Cybersecurity and Infrastructure Agency (CISA) has issued Emergency Directive 21-01 for widespread cyber exploitation of the SolarWinds software platform. This intrusion achieves broad penetration and long-term undetected presence in victim networks, allowing for exfiltration of victim data. Although Executive Directive 21-01 applies to Federal agencies, the recommended mitigation procedures warrant the water sector’s close attention.
EPA wants to ensure that all members of the Water and Wastewater Systems sector are aware of this directive so that they can execute the recommended mitigation procedures if they use the affected software.
Please note: Emergency Directive 21-01 clarifies other recommended actions previously provided by CISA and SolarWinds.