Federal Communications Commission	"FCC/DA  XX-XXX"



April 7, 2022

FCC URGES COMMUNICATIONS COMPANIES THAT USE UNINTERRUPTIBLE POWER SUPPLY DEVICES TO TAKE ACTION AGAINST THREATS
	The Federal Communications Commission encourages communications companies that use uninterruptable power supply (UPS) devices as either a primary or backup power source to review the Joint Cybersecurity Advisory (Cybersecurity and Infrastructure Security Agency (CISA) and Department of Energy (DOE)), Mitigating Attacks Against Uninterruptible Power Supply Devices.  Those agencies have become aware of threat actors gaining access to a variety of internet-connected UPS devices, often through unchanged default usernames and passwords.  CISA and DOE recommend that communications companies, along with all other critical infrastructure entities, immediately enumerate all UPSs and similar systems and ensure they are not accessible from the internet; when a UPS or similar system’s management interface must be accessible from the internet, these devices should have compensating controls, such as ensuring the device or system is behind virtual private network, enforcing multifactor authentication, and applying strong, long passwords.

For more information about this Joint Cybersecurity Advisory, please contact CISA Central at email: central@cisa.dhs.gov.  


-FCC -



2