On January 5th 2021, the NSA | CSS (National Security Agency Central Security Service) issued a report offering guidance on Eliminating Obsolete TLS Protocol Configurations. The guide highlights evidence that using obsolete TLS configurations provides a false sense of security since it looks like the data is protected, even though it really is not. NSA Leverages its technical capability to develop advisories and mitigations on evolving cybersecurity threats. NSA's three page document covers key areas of focus such as: obsolete TLS versions, obsolete cipher suites, obsolete key exchange mechanisms, recommended TLS configurations, detection strategy, and remediation.
Obsolete TLS provides a false sense of security. Over time, new attacks against TLS and the algorithms it uses have been discovered. The standards and most products have been updated, but implementations often have not kept up. Network connections employing obsolete protocols are at an elevated risk of exploitation by adversaries.
By using the following guidance, government network owners can make informed decisions to enhance their cybersecurity posture.
Since these risks affect all networks, all network owners and operators should consider taking these actions to reduce their risk exposure and make their systems harder targets for malicious threat actors.
The E-ISAC has not established any specified threat to the electricity community based upon this information. If any adversarial action is experienced, contact the E-ISAC Watch Operations Team, and create a Portal Post for instant community awareness.
NSA | Eliminating Obsolete TLS Protocol Configurations
Cybersecurity Advisories & Technical Guidance
Infographic on obsolete TLS
- Canadian CERTs
- CRISP - Cyber Risk Info Sharing Program
- DHS - NICC, NCCIC, US-CERT, etc
- DOE Complex
- E-ISAC AOO Members
- E-ISAC Staff
- FBI, LE Fusion
- FERC - OEIS, etc
- International (other ISACs, CERTs)
- Other (inc. local/state commissions)
- Trade Organizations
- Watch Floor