With the first batch of COVID-19 vaccines making their way across the country, the Cybersecurity and Infrastructure Security Agency (CISA) has issued guidelines for keeping cold storage facilities safe from cyberthreat actors.
“Cyber threat actors have shown an interest in targeting IT assets that support the vaccine cold chain and cold storage facilities,” the guidance said. “Physical or cyber disruptions to the ability of the nation to maintain supplies of COVID-19 vaccines at sufficiently cold temperatures could interfere with the nation’s ability to protect its citizens from illness and further delay full economic recovery.”
In addition to general security advice like avoiding the use of default passwords, CISA recommends that storage facilities disable any remote connectivity when not in use, make sure that “cold-chain assets” are not visible on search engines, and have analog thermometers available for independently verifying temperatures facilities.
CISA also instructs facility operators to know who to call in an emergency, and to have well-rehearsed plans in place if cold storage facilities.
The agency’s guidance draws on a Dec. 3 notification from IBM X-Force that malicious actors are targeting the COVID-19 cold chain through phishing and spearphishing campaigns.