On December 10th, 2021, a serious flaw was discovered in the widely used Java logging library Apache Log4j. According to the Cybersecurity & Infrastructure Security Agency (CISA), a remote attacker could exploit this vulnerability to take control of an affected system. Log4j is an open-source, Java-based logging utility widely used by enterprise applications and cloud services.
Major tech players, including Amazon Web Services, Microsoft, Cisco, Google Cloud, Apple, and IBM, have all found that at least some of their services were vulnerable and have been rushing to issue fixes and advise customers about how best to proceed. The exact extent of the exposure is still coming into view. However, as hardware and software vendors have used Log4j for many years, the impact is expected to be widespread.
WHAT IS ICS DOING TO IDENTIFY AND MITIGATE THIS RISK?
Immediately upon being notified of the vulnerability, ICS began working with our key technology providers to review their software and tools and identify whether any of them use the impacted Log4j components in their products or infrastructure. At this moment, all ICS vendors have stated that their products are not impacted, that they have implemented mitigating controls, or that they are in the process of reviewing their products for any potential exposures. We are also implementing tools to scan customer workstations and services in an effort to identify potentially vulnerable machines.
WHAT SHOULD OUR CUSTOMERS BE DOING?
At this time, ICS encourages all customers to follow the recommendations established by CISA. Some of the key action items are:
· Reach out to all Information Technology services vendors (this can include hardware, software, phone systems, cameras, access controls or any vendor you share data with) to identify how their products may have been impacted by Log4j. Confirm with them whether their products have been patched or whether they have a mitigation plan.
· If you are using any impacted products, immediately patch, disable or isolate these products to prevent exposure on your networks.
· Implement strong security controls such as EDR (Endpoint Detection and Response) and SIEM (Security Information and Event Management) services to help identify any potential malicious activity.
For more technical guidance, please see the following link from CISA. If you have any questions about this, please do not hesitate to reach out to your ICS Account Manager.