US cybersecurity agencies have warned that baseboard management controllers (BMCs) are a weak link in critical infrastructure systems. The Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) have outlined recommendations and measures to eliminate vulnerabilities in BMCs, which attackers can exploit to access networks and data. BMCs allow computers and servers to be remotely controlled and managed even when the system is turned off, and their high level of privilege and accessibility from the network make them attractive to attackers. The measures include protecting data, updating firmware, VLAN separation and integrity control, transferring highly sensitive working data to secure devices, periodic use of firmware scanning tools, and treating unused BMCs as potential security risks. CISA and the NSA hope that by implementing the measures, organizations can raise the security level of their BMCs and reduce the risk of potential cyber attacks.
The warning comes just a few weeks after the British National Cyber Security Centre (NCSC) and other international security agencies issued a warning about Chinese cyber attacks targeting critical national infrastructure networks in the USA. Jennifer Easterly, director of CISA, has urged all organizations managing servers to apply the recommended actions in the guide.
The joint guidance from CISA and the NSA is available here: https://media.defense.gov/2023/jun/14/2003241405/-1/0/csi_harden_bmcs.pdf
The warning about Chinese cyber attacks is available here: https://media.defense.gov/2023/may/24/20032295177-1/-1/0/csa_living_off_The_land.pdf