The National Security Agency (NSA from the National Security Agency) and the Cybersecurity and Infrastructure Security Agency (CISA) today released a Cyber Security Technical Report. It is called "Kubernetes Hardening Guidance”(Download the PDF).
The publication describes in detail the threats to Kubernetes environments and provides configuration instructions to minimize the risk.
Kubernetes is an open source system that automates the development, scaling, and management of applications running on containers. Kubernetes clusters are often hosted in a cloud environment and provide additional flexibility compared to traditional software platforms.
Kubernetes are usually attacked for three reasons: for data theft, theft of computing power or its use in denial of service attacks. Data theft is traditionally the main motive of attackers. However, malicious users may attempt to use Kubernetes to exploit the underlying infrastructure of a computing power grid for cryptocurrency mining.
The report describes in detail how you can secure Kubernetes systems. Key actions include scanning containers and Pods for vulnerabilities or incorrect settings, running Containers and Pods with minimal privileges and using network separation, firewalls, strong authentication and logging.
To ensure application security, system administrators should follow the instructions in the Technical Report and update their systems to minimize the risk. The NSA and CISA also recommend periodic revisions of Kubernetes settings and vulnerability scans to ensure that security fixes are applied.
The NSA and CISA guidelines focus on security challenges and advise system administrators to "harden" their environment where possible. The NSA has released this guide in support of the Department of Defense, the Industrial Defense Base, and the National Security Systems.
Of course, to "fix" her profile a bit, since everyone from Snowden onwards knows what work she does as a service.