Yes, you read that right.
Since cyberattackers use Tor to mask and hide their online identification, CISA (Cybersecurity and Infrastructure Security Agency) and the FBI are teaching private companies measures to detect activities that are malicious and mitigate cyber threats. Measures includes:
• Most restrictive approach: Block all web traffic to and from public Tor entry and exit nodes (does not completely eliminate the threat of malicious actors using Tor for anonymity, as additional Tor network access points, or bridges, are not all listed publicly.)
• Less restrictive approach: Tailor monitoring, analysis, and blocking of web traffic to and from public Tor entry and exit nodes: orgs that do not wish to block legitimate traffic to/from Tor entry/exit nodes should consider adopting practices that allow for network monitoring and traffic analysis for traffic from those nodes, and then consider appropriate blocking. This approach can be resource-intensive but will allow greater flexibility and adaptation of defensive. Legitimate usage examples: deployed military or other overseas voters.
• Blended approach: Block all Tor traffic to some resources, allow and monitor for others (i.e., intentionally allowing traffic to/from Tor only for specific websites and services where legitimate use may be expected and blocking all Tor traffic to/from non-excepted processes/services). This may require continuous re-evaluation as an entity considers its own risk tolerance associated with different applications. The level of effort to implement this approach is high.
Summary:
https://www.bleepingcomputer.com/news/security/us-govt-shares-tips-on-defending-against-cyberattacks-via-tor/Full report:
https://www.us-cert.gov/ncas/alerts/aa20-183aEducating the public is a good approach by Government agencies I must say.
