2023 年,在联邦机构举行的 CISA 红队演习中发现,由于严重的安全漏洞,5 个月内未被发现的恶意活动。 2023 CISA red team exercise at a federal agency revealed undetected malicious activity for 5 months due to critical security weaknesses.
2023 年,CISA 在一家未具名的联邦民事行政部门机构进行了 SILENTSHIELD 红队演习,暴露了未修补的漏洞、事件响应不足和凭证管理薄弱等严重安全漏洞。 CISA conducted a SILENTSHIELD red team exercise at an unnamed federal civilian executive branch agency in 2023, exposing critical security weaknesses like unpatched vulnerabilities, inadequate incident response, and weak credential management. 该机构五个月来都未能检测到恶意活动。 The agency failed to detect malicious activity for 5 months. CISA 的研究结果强调,机构需要采用纵深防御原则、网络分段和安全设计实践。 CISA's findings highlight the need for agencies to adopt defense-in-depth principles, network segmentation, and Secure-by-Design practices.