NSA, CISA release Kubernetes Hardening Guidance

The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) released a Cybersecurity Technical Report, “Kubernetes Hardening Guidance,”. This report details threats to Kubernetes environments and provides configuration guidance to minimize risk.

Kubernetes is an open source system that automates the deployment, scaling, and management of applications run in containers. Kubernetes clusters are often hosted in a cloud environment, and provide increased flexibility from traditional software platforms.

Kubernetes is commonly targeted for three reasons: data theft, computational power theft, or denial of service. Data theft is traditionally the primary motivation; however, cyber actors may attempt to use Kubernetes to harness a network’s underlying infrastructure for computational power for purposes such as cryptocurrency mining.

The report details recommendations to harden Kubernetes systems. Primary actions include the scanning of containers and Pods for vulnerabilities or misconfigurations, running containers and Pods with the least privileges possible, and using network separation, firewalls, strong authentication, and log auditing.

To ensure the security of applications, system administrators should follow the guidance in the Cybersecurity Technical Report and keep up to date with patches, updates, and upgrades to minimize risk. NSA and CISA also recommend periodic reviews of Kubernetes settings and vulnerability scans to ensure appropriate risks are accounted for and security patches are applied.

NSA and CISA’s guidance focuses on security challenges and recommends system administrators harden their environments where possible. NSA is releasing this guidance as part of our mission to support the Department of Defense, the Defense Industrial Base, and National Security Systems.