News | March 15, 2022

NSA, CISA release Kubernetes Hardening Guidance

The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) updated the Cybersecurity Technical Report, “Kubernetes Hardening Guidance,” today. The changes involved general clarifications throughout as well as additions to logging and threat detection.

NSA and CISA appreciate the feedback received on the initial release last August from numerous partners and the cybersecurity community. Your support helped improve the report and make it more useful to administrators of Kubernetes environments.

Feedback like this from both industry and government strengthens security at scale, by helping NSA and CISA capture more comprehensive guidance based on the full picture of threats and vulnerabilities.

Kubernetes is an open source system that automates the deployment, scaling, and management of applications run in containers. Kubernetes clusters are often hosted in a cloud environment, and provide increased flexibility from traditional software platforms.

Kubernetes is commonly targeted for three reasons: data theft, computational power theft, or denial of service. Data theft is traditionally the primary motivation; however, cyber actors may attempt to use Kubernetes to harness a network’s underlying infrastructure for computational power for purposes such as cryptocurrency mining.

The report details recommendations to harden Kubernetes systems. Primary actions include the scanning of containers and Pods for vulnerabilities or misconfigurations, running containers and Pods with the least privileges possible, and using network separation, firewalls, strong authentication, and log auditing.

To ensure the security of applications, system administrators should follow the guidance in the Cybersecurity Technical Report and keep up to date with patches, updates, and upgrades to minimize risk. NSA and CISA also recommend periodic reviews of Kubernetes settings and vulnerability scans to ensure appropriate risks are accounted for and security patches are applied.

NSA and CISA’s guidance focuses on security challenges and recommends system administrators harden their environments where possible. NSA is releasing this guidance as part of our mission to support the Department of Defense, the Defense Industrial Base, and National Security Systems.

Read the full advisory here.

Visit our full library for more cybersecurity information and technical guidance.