CSAT Team Takes Action to Protect Websites from Imminent Cybersecurity Threats

In December 2021, the Chemical Security Assessment Tool (CSAT) Primary Systems Team acted quickly to protect the system from imminent cybersecurity threats from ongoing Cross-Site Scripting (XSS) attacks and from the newly identified Apache Log4Shell exploit. 

The vulnerabilities are as follows:

• XSS attacks occur when bad actors attempt to access sensitive information from either backend servers or client-side systems, such as cookies and passwords. Web application firewalls (WAFs) are a first line of defense wherein common Uniform Resource Locator (URL) patterns are analyzed to detect and block known attacks.
• Log4Shell is a critical, zero day exploit that can leave Apache Log4j users vulnerable to attacks executing code remotely on a target computer, stealing data, installing malware, or taking control of the system. Log4j is a free, open-source Java-based logging utility that is used widely across the internet by software developers as a library to log activity, including auditing and data tracking.

The CSAT Primary Systems Team, led by Brad Nance, Group Leader of the Performance Engineering Group, and Kellen O’Connor, systems engineer, implemented system changes to enhance system security and to address an increase in the frequency of attempts by bad actors to exploit known vulnerabilities.

The team implemented two changes to the Pulse Connect Secure© (PCS©) configuration. The first change added a "Completely Automated Public Turing test to tell Computers and Humans Apart" (CAPTCHA) challenge as a pre-authorization page, which must be solved prior to the creation of a user session (i.e., in order to access unauthenticated CSAT websites). The second change added known XSS attack URL pattens to deny web access control lists (ACLs) to detect and block access to back-end system resources.

CSAT is an essential element in U.S. Department of Homeland Security (DHS) implementation of the Chemical Facility Anti-Terrorism Standards (CFATS), helping protect the nation's critical infrastructure in the chemical sector from acts of terrorism.