US cybersecurity officials are urging federal agencies and major organizations to remain vigilant against the threat of Russian cyberattacks amid the country’s ongoing invasion of Ukraine.
The Cybersecurity & Infrastructure Security Agency (CISA) has updated its “Shields Up” guidelines for organizations following Russia’s incursion into eastern Ukraine, urging officials to remain “resilience-focused”.
“Russia’s unprovoked attack on Ukraine, which has been accompanied by cyberattacks on the Ukrainian government and critical infrastructure organizations, could have consequences for our own country’s critical infrastructure, a potential that we been warning for months,” CISA said. advice States.
“While there are no specific or credible cyber threats to the American homeland at this time, we are aware of the potential for Russia’s destabilizing actions to impact organizations within and outside the United States. “outside the region, particularly in the wake of sanctions imposed by the United States and our allies. Every organization, large or small, must be prepared to respond to disruptive cyber activity,” he added.
The specter of a wide-ranging cyber war has grown after Russia’s invasion this week, with experts warning that Moscow could respond to retaliatory sanctions against the incursion with additional cyberattacks against the West.
Russian President Vladimir PoutineVladimir Vladimirovich PutinTrudeau announces sanctions against Putin and Russian Foreign Minister Overnight Defense and national security — Ukraine is at stake Ovechkin of capitals calls for ‘no more war’ with Ukraine MORE also threatened consequences for countries that try to interfere with its military operation, although the details of those consequences remain unclear.
“We’ve entered an era of hybrid warfare, where you can induce fear and weaken an adversary’s ability to do something by using cyberwarfare,” said John Cofrancesco, cyber expert and vice president of government at Fortress Information Security.
“There is no doubt that the frequency and voracity of what these guys are doing is increasing,” he added.
Last week, White House Deputy National Security Advisor Anne Neuberger urged the private sector to implement cybersecurity defenses, including encryption and multi-factor authentication, to counter cyberattacks.
Cybersecurity and Department of Homeland Security (DHS) officials have also sought to heighten precautions among the federal workforce as agencies seek to bolster their cyber defenses.
“As a reminder, the DHS Cybersecurity and Infrastructure Agency recommends that all organizations adopt an enhanced cybersecurity posture and safeguard their most critical assets,” reads a notice sent to employees of the U.S. Department of Health. ‘Agriculture this week.
The guidance, which was seen by The Hill, went so far as to suggest employees stock up on food, fuel and other supplies as part of a “personal and work preparedness” plan. “Have cash in case ATMs or credit card readers are unavailable,” the USDA Security and Technology Officers email said.
“Don’t let your vehicles run out of fuel,” employees were told in another point. The alert further instructed employees to “have basic food and emergency preparedness supplies available” and to “ensure you have a family emergency plan.”
DHS reiterated to The Hill in a Friday night statement that it had identified “no specific and credible cyberthreats against the United States” but urged all organizations “take action now to improve their cybersecurity and protect their critical assets.
Federal officials have long warned of the need to strengthen defenses, not only against cyberattacks, but also against other efforts targeting critical infrastructure.
CISA earlier this month published additional material to “help critical infrastructure owners prepare for and mitigate foreign influence operations”.
“We must be prepared for the potential for foreign influence operations to negatively impact various aspects of our critical infrastructure with the ongoing geopolitical tensions between Russia and Ukraine,” the director of the agency said at the time. CISA, Jen Easterly. “We encourage the leaders of each organization to take proactive steps to assess their risks related to the manipulation of information and to mitigate the impact of possible foreign influence operations.”
Neuberger said last week that “the US government has been preparing for potential geopolitical contingencies since before Thanksgiving,” though officials are now in a position where their cyber preparedness can be easily tested.
Regional cyberattacks have already begun amid Russia’s vicious attack on Ukraine, with several Ukrainian government websites earlier this week following a cyberattack that targeted Parliament as well as the Foreign and Defense Ministries.
The Biden administration suspects that Russian government hackers were behind the attacks, although Russia has denied any involvement.
President BidenJoe BidenOvernight Defense and National Security – Ukraine is at stake On The Money – Inflation held steady in January as the omicron raged Pics of the Week: Ukraine, Ketanji Brown Jackson and Stallions MORE said earlier this month that he was “ready to react” if Russia launched attacks on US critical infrastructure and US businesses as part of its campaign against Ukraine.
Cofrancesco said the majority of U.S. businesses are not at the level of cybersecurity needed to effectively thwart attacks, adding that “now is the time to make those investments.”
For example, he said the oil and gas industry is one of the sectors most vulnerable to cyberattacks because, unlike the energy sector, there is no legal requirement to invest in cybersecurity.
However, the Biden administration Published a security directive last year to strengthen cybersecurity incident reporting weeks after a crippling ransomware attack on Colonial Pipeline.
“Spending on cybersecurity is a very difficult thing to do,” Cofrancesco said. “It’s kind of like asking someone to buy a new roof on their house when they’ve saved up to renovate their kitchen.”