Russian Cyber Attacks Have Commenced. 'Shields Up' Advisory Issued by the U.S. Cybersecurity & Infrastructure Security Agency

The Ukraine situation has led the U.S. Cybersecurity & Infrastructure Security Agency to issue the following guidance in the face of possible cyber-attacks launched by Russian proxies or Moscow itself.

Every organization in the United States is at risk from cyber threats that can disrupt essential services and potentially result in impacts to public safety. Over the past year, cyber incidents have impacted many companies, non-profits, and other organizations, large and small, across multiple sectors of the economy.

Notably, the Russian government has used cyber as a key component of their force projection over the last decade, including previously in Ukraine in the 2015 timeframe. The Russian government understands that disabling or destroying critical infrastructure—including power and communications—can augment pressure on a country’s government, military and population and accelerate their acceding to Russian objectives.

While there are not currently any specific credible threats to the U.S. homeland, we are mindful of the potential for the Russian government to consider escalating its destabilizing actions in ways that may impact others outside of Ukraine.

Based on this situation, CISA has been working closely with our critical infrastructure partners over the past several months to ensure awareness of potential threats—part of a paradigm shift from being reactive to being proactive.

Many critical infrastructure or state, local, tribal, and territorial governments may find it challenging to identify resources for urgent security improvements. CISA has established a catalog of free services from government partners, the open source community, and JCDC companies to assist with this critical need.

CISA recommends all organizations—regardless of size—adopt a heightened posture when it comes to cybersecurity and protecting their most critical assets. Recommended actions include:

Reduce the likelihood of a damaging cyber intrusion

  • Validate that all remote access to the organization’s network and privileged or administrative access requires multi-factor authentication.

  • Ensure that software is up to date, prioritizing updates that address known exploited vulnerabilities identified by CISA.

  • Confirm that the organization’s IT personnel have disabled all ports and protocols that are not essential for business purposes.

  • If the organization is using cloud services, ensure that IT personnel have reviewed and implemented strong controls outlined in CISA's guidance.

Take steps to quickly detect a potential intrusion

  • Ensure that cybersecurity/IT personnel are focused on identifying and quickly assessing any unexpected or unusual network behavior. Enable logging in order to better investigate issues or events.

  • Monitor all systems during off-hours as well; attackers do not keep business hours.

  • Confirm that the organization's entire network is protected by antivirus/anti-malware software and that signatures in these tools are updated in real-time, if possible.

  • If working with Ukrainian organizations, take extra care to monitor, inspect, and isolate traffic from those organizations; closely review access controls for that traffic.

Ensure that the organization is prepared to respond if an intrusion occurs

  • Designate a crisis-response team with main points of contact for a suspected cybersecurity incident and roles/responsibilities within the organization, including technology, communications, legal and business continuity.

  • Assure availability of key personnel; identify means to provide surge support for responding to an incident.

  • Confirm location and availability of your Incident Response Plan.

  • Review your Incident Response Plan for key data accuracy including contact information and key personnel roles.

  • Conduct a tabletop exercise to ensure that all participants understand their roles during an incident.

Maximize the organization's resilience to a destructive cyber incident

  • Test backup procedures to ensure that critical data can be rapidly restored if the organization is impacted by ransomware or a destructive cyberattack; ensure that backups are isolated from network connections.

  • When backups are completed, disconnect backup systems from the network to protect them from possible attack.

  • Test readiness of secondary and backup data centers including auto and manual rollover.

  • Confirm the readiness of alternate power systems including generators and battery backups in the event of grid interruption.

  • Locate and verify secondary fuel availability sources in the event of primary source interruption.

  • Review employee alerting methods and test for proper functionality.

  • If using industrial control systems or operational technology, conduct a test of manual controls to ensure that critical functions remain operable if the organization’s network is unavailable or untrusted.

By implementing the steps above, all organizations can make near-term progress toward improving cybersecurity and resilience. In addition, while recent cyber incidents have not been attributed to specific actors, CISA urges cybersecurity/IT personnel at every organization to review Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure. CISA also recommends organizations visit StopRansomware.gov, a centralized, whole-of-government webpage providing ransomware resources and alerts.

As the nation’s cyber defense agency, CISA is available to help organizations improve cybersecurity and resilience, including through cybersecurity experts assigned across the country. In the event of a cyber incident, CISA is able to offer assistance to victim organizations and use information from incident reports to protect other possible victims. All organizations should report incidents and anomalous activity to CISA and/or the FBI via your local FBI field office or the FBI’s 24/7 CyWatch at (855) 292-3937 or CyWatch@fbi.gov.

CONTACT JANUS ASSOCIATES

For the past 33+ years, JANUS Associates has helped hundreds of government agencies, commercial entities, educational institutions, and not-for-profits protect their critical infrastructures, data, clients, and employees.

Get in touch with Chris Kniffin, Corporate Director, to learn more about how the team of experts at JANUS can help protect your business effectively. Subscribe to the JANUS Associates Cyber Threat Report through the opt-in form in the footer below to stay updated and follow us on Twitter and LinkedIn.
