CISA Warns Orgs to Prep for Potential Russian Cyberattacks'Shields Up' Advisory Points to Escalating Tensions at Ukrainian Border
The U.S. Cybersecurity and Infrastructure Security Agency has issued a "Shields Up" alert to U.S. organizations to protect against potential retaliatory cyberattacks at the hands of the Russians - especially if the Biden administration intervenes in the country's conflict with Ukraine, where Russia has massed some 100,000 troops.
In the latest alert, CISA says, "The Russian government has used cyber as a key component of their force projection over the last decade, including previously in Ukraine in the 2015 timeframe. The Russian government understands that disabling or destroying critical infrastructure - including power and communications - can augment pressure on a country's government, military and population and accelerate their acceding to Russian objectives."
CISA says it is not aware of "any specific credible threats to the U.S. homeland," but that it is "mindful of the potential for the Russian government to consider escalating its destabilizing actions in ways that may impact others outside of Ukraine."
In response, the nation's operational cyber agency says it is working with critical infrastructure partners to "ensure awareness of potential threats."
Also in response, CISA says all organizations should adopt a "heightened posture" to protect critical assets.
Russia has amassed tens of thousands of troops along Ukraine's eastern border and has, for months, teased a full-scale invasion of the former Soviet nation. Russian President Vladimir Putin has worked to bar Ukraine from joining NATO, the intergovernmental military alliance. U.S. President Joe Biden subsequently warned the Kremlin to de-escalate.
Some foreign policy experts contend that Russia views Ukraine as part of its sphere of influence and point to its annexation the Crimean Peninsula in southern Ukraine in 2014. In January, multiple Ukrainian websites were defaced with dire warnings and propaganda. Language included "be afraid and expect the worst." Ukraine's state security service, the SBU, has said it believes the activity is linked to Russian intelligence services.
To enable or deepen military operations, many security and foreign policy experts also say they believe that Russia could launch a broader cyberattack that would precede any kinetic strike.
The prospect of Western intervention in the conflict prompted the U.S. Department of Homeland Security, CISA's parent agency, to issue a bulletin last month, warning of potential cyberattacks on U.S. infrastructure (see: Report: DHS Fears Russian Cyberattack If US Acts on Ukraine).
In the Jan. 23 advisory, officials said they believe that if the U.S. responds to rising tensions between the Kremlin and Ukraine's government, led by President Volodymyr Zelenskyy, the Russian government or its proxies could initiate a cyberattack.
DHS warned that Russia can employ a "range of offensive cyber tools" against U.S. networks, including "a low-level denial of service attack" or a "destructive" attack on critical infrastructure.
Last week, the European Central Bank, the central bank of the 19 European Union countries that use the euro, reportedly warned against potential Russian cyberattacks on European banks, and EU banking institutions are reportedly conducting cyber war games to test resiliency against a potential Russian cyber offensive (see: Report: European Central Bank Warns Against Russian Hacking).
CISA Says 'Shields Up'
In its warning issued late Friday, CISA advises network defenders to reduce the likelihood of a damaging cyber intrusion by validating that all remote access to the organization's network and privileged or administrative access requires multifactor authentication.
The agency also advises security teams to ensure software is up to date, prioritizing updates addressing known exploited vulnerabilities, and to confirm that ports and protocols not essential for business purposes have been disabled.
CISA also warns organizations to ensure that IT personnel have reviewed and implemented strong controls and utilize the agency's free cyber hygiene services.
CISA, which is led by its director, Jen Easterly, also urges U.S. organizations to focus on identifying unexpected network behavior and to enable logging to better investigate incidents.
CISA also says security teams should confirm the organization's entire network is protected by antivirus/antimalware software, and if working with Ukrainian organizations, "take extra care to monitor, inspect, and isolate traffic from those organizations; [and] closely review access controls."
Other CISA tips include: Designate a crisis response team with main points of contact, including technology, communications, legal and business continuity. Elsewhere, they say, teams should assure personnel availability and conduct tabletop exercises.
Lastly, CISA urges organizations to test backup procedures to ensure rapid restoration and to ensure that backups are isolated from network connections. If using industrial control systems or operational technology, they say, conduct a test of manual controls to ensure critical functions remain operable if the network is down.
While fears of kinetic war intensify, those in the cybersecurity community continue to envision how a direct military cyber operation stemming from Moscow may affect Zelenskyy's government - or the West. The Russians have previously targeted Ukraine's power grid and in 2017, they are believed to have leveled the NotPetya malware on Ukrainian networks before the self-propagating worm spread worldwide.
To combat this cyberthreat, security experts praise CISA's latest step.
"It is a welcome development to see that CISA has been working with critical U.S. infrastructure partners to encourage infrastructure providers to become more proactive with cybersecurity preparedness," says Neil Jones, a cybersecurity evangelist for the firm Egnyte.
Ross Nodurft, former chief of the Office of Management and Budget's cybersecurity team, says: "Hopefully, CISA continues these efforts to focus both the security communities and critical infrastructure leadership."
Nodurft, who is currently the executive director of the Alliance for Digital Innovation says, "[This will] give our nation the best chance to defend against these potentially significant threats."
Others point to crippling consequences of the intensifying geopolitical feud.
"A critical threat every organization in the U.S is facing is 'unintended consequence' from the Russian cyber activities against Ukraine," says Sai Huda, a former lead faculty member for training at the Consumer Financial Protection Bureau.
Huda, an advisory board member at the Cyber Center of Excellence and CEO of the firm CyberCatch, adds, "As a nation, we should create a baseline standard of cybersecurity controls … otherwise, we will always be one step behind, because of weak links in the chain that will be exploited, and be at risk of 'unintended consequence.'"
Top Officials Discuss
In a call with Zelenskyy on Sunday, President Biden reportedly told the Ukrainian leader that the U.S. would respond "swiftly and decisively" if Russia crosses the use-of-force threshold, according to a White House readout.
Then on Friday, U.S. Secretary of State Antony Blinken said that a Russian invasion of Ukraine could begin as soon as this week, despite the ongoing Winter Olympics in Beijing, CNN reported.
Putin visited Beijing at the start of the Olympics and sat down with Chinese President Xi Jinping. The two issued a pact of cooperation. China has long been viewed as an aggressor in cyberspace.
Blinken told reporters last week that the U.S. was drawing down its embassy in Kyiv, the capital of Ukraine.
Defense Secretary Lloyd Austin also confirmed on Monday that he will meet with NATO allies in Eastern Europe on Tuesday. Meanwhile, Blinken confirmed that the U.S. Embassy in Ukraine will temporarily move to Lviv in western Ukraine, closer to its border with Poland.