ML21064A380
| ML21064A380 | |
| Person / Time | |
|---|---|
| Issue date: | 03/10/2021 |
| From: | Sabrina Atack Division of Security Operations |
| To: | |
| Yip B | |
| References | |
| SA 2021-05 | |
| Download: ML21064A380 (3) | |
Text
March 10, 2021 SECURITY ADVISORY FOR POWER REACTORS, INCLUDING THOSE UNDER CONSTRUCTION; NONPOWER PRODUCTION AND UTILIZATION FACILITIES; DECOMMISSIONING REACTORS, INCLUDING THOSE THAT ARE PERMANENTLY DEFUELED BUT HAVE NOT TRANSITIONED TO DECOMMISSIONING; FUEL FABRICATION, ENRICHMENT, AND CONVERSION/DECONVERSION FACILITIES; INDEPENDENT SPENT FUEL STORAGE INSTALLATIONS; LICENSEES POSSESSING SPECIAL NUCLEAR MATERIAL UNDER TITLE 10 OF THE CODE OF FEDERAL REGULATIONS PART 70; LICENSEES REGULATED UNDER TITLE 10 OF THE CODE OF FEDERAL REGULATIONS PART 37; AND ALL RADIATION CONTROL PROGRAM DIRECTORS AND STATE LIAISON OFFICERS SA 2021-05
SUBJECT:
SITUATIONAL AWARENESSMICROSOFT EXCHANGE SERVER VULNERABILITIES The U.S. Nuclear Regulatory Commission (NRC) is issuing this security advisory to provide situational awareness to its licensees and Agreement States. On March 3, 2021, the U.S.
Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) published Alert AA21-062A, Mitigate Microsoft Exchange Server Vulnerabilities (https://us-cert.cisa.gov/ncas/alerts/aa21-062a), which describes several identified vulnerabilities in Microsoft Exchange Server products. Successful exploitation of these vulnerabilities allows an unauthenticated attacker to execute arbitrary code on vulnerable Microsoft Exchange Server products, enabling the attacker to gain persistent system access, as well as access to files and mailboxes on the server and to credentials stored on that system.
While the NRC is not aware of specific threats to exploit this vulnerability targeting NRC-regulated activities, CISA partners have observed active exploitation of these vulnerabilities.
The CISA alert discusses tactics, techniques, and procedures and the indicators of compromise associated with this malicious activity, as well as mitigative actions. The NRC recommends that all addressees review the CISA alert and associated releases (https://www.cisa.gov/publication/mitigate-microsoft-exchange-premise-product-vulnerabilities),
and take mitigative actions as appropriate, in accordance with applicable licensee cybersecurity plans and procedures.
Suspicious activity reporting is important to the U.S. Governments security mission. The NRC encourages its licensees to remain vigilant and report cyber-related suspicious activity to CISA.
Licensees subject to Title 10 of the Code of Federal Regulations (10 CFR) 73.54, Protection of digital computer and communication systems and networks, are reminded of their obligation to report to the NRC certain cyber-related events under 10 CFR 73.77, Cyber security event notifications.
If you have any questions concerning this advisory, contact the technical point of contact below.
Backfit Analysis Statement: This security advisory does not amend or impose new requirements or constitute a new or different regulatory staff position interpreting Commission rules and, therefore, does not constitute backfitting as defined in 10 CFR 50.109, Backfitting, or 10 CFR 70.76, Backfitting, or 10 CFR 72.62, Backfitting. Consequently, the staff did not perform a backfit analysis.
Paperwork Reduction Act Statement: This security advisory does not contain information collections and, therefore, is not subject to the requirements of the Paperwork Reduction Act of 1995 (Title 44 of the United States Code, Section 3501, et seq.).
Approved by: /RA____________________
Sabrina D. Atack, Director Division of Security Operations Office of Nuclear Security and Incident Response Technical
Contact:
Brian Yip, NSIR 301-415-3154 brian.yip@nrc.gov 2
ML21064A380 OFFICE NSIR/DSO/SOSB QTE NSIR/DSO/SOSB NSIR/DSO/ILTAB NAME BYip KAzariah-Kribbs TKeene JWhitney for RRichardson DATE 03/05/2021 03/05/2021 03/08/2021 03/08/2021 OFFICE NSIR/DPCP/CSB NSIR/DSO NSIR/DPR NSIR/DPCP NAME JBeardsley SAtack KBrock SHelton DATE 03/08/2021 03/08/2021 03/08/2021 03/08/2021 OFFICE NRR/DRO NRR/DNRL NRR/DANU NMSS/DUWP NAME GSuber for RCaldwell for MShams PHolahan CMiller ABradford DATE 03/08/2021 03/08/2021 03/08/2021 03/08/2021 OFFICE NMSS/DFM NMSS/MSST OGC NSIR:OD NAME CRegan for KWilliams NStAmour MGavrilas AKock DATE 03/08/2021 03/08/2021 03/09/2021 03/09/2021 OFFICE NSIR/DSO NAME SAtack DATE 03/10/2021