Senators Request Briefing on Infrastructure Cybersecurity
Ask DHS Officials About Cyber Defense; Execs Reportedly Fear Hit on SWIFT
With the ground war worsening in Ukraine, the international community is rallying behind the former Soviet state, and lawmakers in the U.S. are seeking guidance from the Department of Homeland Security on ways to continue fortifying U.S. cyber defense. The move comes as some cyber experts predict an ultimate escalation in Russia's malicious cyber activity targeting either Ukraine's infrastructure or NATO member networks.
A bipartisan group of nearly two dozen senators - led by Sens. Jacky Rosen, D-Nev., and Mike Rounds, R-S.D. - sent a letter on Sunday to DHS Secretary Alejandro Mayorkas, requesting a briefing on ways to shore up U.S. infrastructure. This comes as threats loom about the Putin regime retaliating against the West for its support of Ukraine and for sanctions that have steadily bruised the Russian economy.
In the correspondence, the senators copied Cybersecurity and Infrastructure Security Agency Director Jen Easterly, National Cyber Director Chris Inglis and Deputy National Security Adviser for Cyber and Emerging Technology Anne Neuberger.
Contents of the Letter
Calling Russia's campaign in Ukraine "violent and unprovoked," the lawmakers say they are "concerned that the U.S. may be targeted in retaliation for actions taken to impose costs on Russia."
The group says that the Russian government "often engages in malicious cyber activities, including espionage, intellectual property theft, disinformation, propaganda, and cyberattacks, that target the U.S." In response, they add, the U.S. has previously "imposed sanctions on Russian security personnel and agents for various cyberattacks," including for the late 2020 cyberespionage campaign leveraging a software update from the firm SolarWinds.
The lawmakers also assert that the Russians have leveraged disinformation and interference campaigns - including alleged attempts to influence U.S. elections - showing a "history of disruptive activities."
And the 22 lawmakers now assert that they "stand with the Ukrainian people," and as the U.S. imposes "crushing sanctions on Vladimir Putin's regime … we must also work to secure the homeland from retaliatory cyber activities."
Remember, 'Shields Up'
The group led by Rosen and Rounds commends CISA's recently published "Shields Up" technical guidance webpage to help organizations prepare for, respond to and mitigate the impact of cyberattacks stemming from the conflict in Eastern Europe.
Last month, CISA first issued the "Shields Up" warning to U.S. organizations, urging basic but crucial cyber hygiene measures that must be addressed in the face of a potential surge in Russian state-backed cybercrime. CISA and the FBI also subsequently warned of specific wiper malware targeting Ukrainian organizations.
The nation's operational cyber agency issued the advisory as denial-of-service and malware attacks began surfacing last month. CISA said at the time that it had been working hand in hand with partners to identify and rapidly share information about malware and other threats.
The agency also warned that Russian cyber actors could seek to exploit existing vulnerabilities to gain persistence and move laterally. And the advisory urges organizations to address network architecture, security baseline, continuous monitoring and incident response practices.
Briefing: Talking Points
The senators have now requested a briefing with DHS officials, asking the following:
- What CISA is doing to monitor and defend against Russian state-sponsored cyberthreats, if certain entities or sectors are at risk and if there's a strategy if at-risk systems are hit;
- How CISA is identifying and providing technical support to at-risk critical infrastructure;
- How the "Shields Up" guidance is being disseminated to critical infrastructure owners and operators, smaller entities that do not have CIOs or CISOs and those that are not members of the new information-sharing platform, the Joint Cyber Defense Collaborative;
- How DHS is defending against Russian disinformation attempts, whether that threat level has risen and what DHS is doing to mitigate threats;
- How CISA is working with international partners for operational coordination and building capacity - including for both NATO allies and Ukraine.
On the requests to DHS and critical infrastructure concerns, Jasmine Henry, field security director at the firm JupiterOne, tells ISMG: "Critical infrastructure, as well as organizations in other industries, should be aggressive about building an internal capacity for continuous detection, investigation and response. The future of cyber preparedness is 'real time.'"
The senators' urgency in their DHS request comes amid continued violence in Ukraine. On Tuesday, Ukrainian President Volodymyr Zelenskyy addressed the Canadian Parliament and on Wednesday, he is expected to virtually address the U.S. Congress.
Zelenskyy told Canadian lawmakers that "every night is horrible" and the Russians have continued their shelling "from all kinds of artillery, from tanks … hitting civilian infrastructure."
Canada imposed new sanctions on Russia on Tuesday, targeting 15 Russian individuals, CNN reported. The Russians also reportedly leveled retaliatory sanctions on U.S. leaders, including President Joe Biden; Secretary of State Antony Blinken; the president's son, Hunter Biden; and Defense Secretary Lloyd Austin, among others, the same outlet writes.
Cyberthreats to Financial System
While U.S. officials and former cyber executives continue to warn of potential Russian aggression in cyberspace, the global financial system also remains on high alert (see: Top Cyber Officials Say Russians May Yet Escalate Cyberwar).
According to a new report from the Financial Times, large financial institutions now worry that the Russians may retaliate against SWIFT - the international bank-messaging system enabling cross-border transactions, which has more than 11,000 members. This follows the exclusion of seven Russian lenders from SWIFT last weekend - including VTB, Russia's second-largest bank, and Promsvyazbank, which reportedly finances Russian war efforts.
Cyber executives at financial institutions told FT that SWIFT, which carries trillions in payments daily, could increasingly become a target for the Russians, should they up the ante of what many feared would be a vicious cyberwar.
While large Russian financial institutions Sberbank and Gazprombank remain connected to SWIFT, a financial regulator told the same publication that the system could be a clear target for malicious actors, which would be "detrimental to the whole banking system."
Such an attack, some experts reportedly warn, could be more appealing to Russian hackers than zeroing in on individual institutions.
SWIFT is a Belgian cooperative, headquartered in La Hulpe, Belgium, and owned by its member financial institutions.
SWIFT's defenses have not been impenetrable. In fact, in 2016, a hacker who reportedly infiltrated SWIFT's Alliance Access software siphoned $81 million from the Bangladesh central bank through its New York Federal Reserve Bank account (see: Bangladesh Eyes Insider Angle for SWIFT Bank Attack).
The attack reportedly involved malware written to issue SWIFT messages and conceal activity. It was reportedly programmed to delete records of the transfers and take other measures to cover its tracks. SWIFT later announced several initiatives to bolster its cyber defenses.
On its website, the bank-messaging platform writes: "SWIFT takes cybersecurity very seriously. We actively learn about external cyber incidents, malicious modus operandi and cyber threats from a variety of public, specialized or confidential sources, helping us to drive our continuous investment in prevention, detection and/or recovery.
"Whenever our comprehensive investigations lead us to believe such threats or vulnerabilities may constitute a risk to the security of our operations, we take appropriate actions in a timely fashion to mitigate such risks and protect our services."