Russia's unprovoked invasion of Ukraine and the
subsequent widespread sanctions and condemnation by
leaders across the world, including the United States and NATO
allies, have raised concern about Russian retaliation using cyberwar
tactics. Both in the private and public sectors, cybersecurity experts
encourage increased vigilance. The federal government is responding
to this increased threat by advocating for safer cybersecurity
habits through the Cybersecurity and Infrastructure Security
Agency's (CISA) "Shields Up" Program, promoting new ransomware response
guidance, restructuring crucial elements of the
internet backbone to strengthen security, and by legislatively enforcing mandatory
reporting timelines.
The Risk to the Private Sector – What You Can Do to Prepare
From SolarWinds to Colonial Pipeline, Russian-connected threat
actors have demonstrated the capability to wreak havoc on the
private and public sectors. Cybersecurity experts have been
monitoring increased nation-state activity during the ongoing
conflict in Ukraine. Hefty U.S. sanctions imposed on Russia could
make the United States a top target of Russian cyberattacks,
particularly if additional U.S. measures impact energy exports, the
main source of hard currency for Russia. These threats may come in
the form of ransomware locking down personal or business systems,
or through more complex infrastructural attacks targeting internet
access, financial systems, or even the power grid. Cybersecurity
experts and CISA are encouraging businesses and
consumers to practice good "cyber hygiene," such as:
- Implementing multifactor authentication, which mitigates the weakness of password-only security systems;
- Ensuring software and firmware are up-to-date on all devices, especially anti-virus and anti-malware software and web browsers;
- Enforcing strong password policies and encouraging password changes on a regular basis;
- Increasing vigilance for highly complex phishing attacks and implementing a "think before you click" approach; and
- For Ukrainian-connected organizations, monitoring and responding to incidents on their network, and isolating any traffic coming from Ukraine.
NIST Ransomware Response Guidance
The propensity of Russian threat actors to use ransomware as a
preferred method of attack should encourage entities to implement
robust risk management and response plans. The National Institute
of Standards and Technology (NIST) published a quick start guide to aid organizations in
their use of the NIST Ransomware Risk Management Cybersecurity
Framework Profile. This guide and the broader framework profile
mirror the NIST Cybersecurity Framework (which aids organizations
in managing and reducing cybersecurity risks) in its core
cybersecurity functional approach, while also offering guidance
specific to ransomware threats. The Framework is organized by five
key functions:
- Identify – Develop an organizational understanding to manage cybersecurity risks to systems, assets, data, and capabilities.
- Protect – Develop and implement the appropriate safeguards to ensure delivery of services.
- Detect – Develop and implement the appropriate activities to identify the occurrence of a cybersecurity event.
- Respond – Develop and implement the appropriate activities to take action regarding a detected cybersecurity event.
- Recover – Develop and implement the appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity event.
FCC Encourages Increased Security Measures
The Federal Communications Commission (FCC) unanimously approved a notice of inquiry
for secure use of the internet's global routing system, the
Border Gateway Protocol (BGP), in light of Russia's aggression.
This inquiry will focus on vulnerabilities of the internet's
global routing system and will also examine the potential impacts
that these vulnerabilities can have on the transmission of data
through email, e-commerce, bank transactions, interconnected
Voice-over Internet Protocol, and other electronic transmission
sources. Known vulnerabilities surrounding the BGP already exist,
some of which Russian-connected threat actors have exploited,
including the ability to manipulate the BGP to execute a
distributed denial of service attack ("DDoS attack") and
to reroute and steal data. The inquiry notes a range of measures that NIST, the Internet
Engineering Task Force, and the FCC have recommended. Such
measures, however, have not been uniformly adopted. This is an
important inquiry to monitor as network operators may soon face
increased security requirements, including heightened security
standards known as "BGPsec," in order to mitigate
critical vulnerabilities.
Senate Passes the Strengthening American Cybersecurity Act
With the growing threat of Russian cyberattacks, the
Senate expedited its approval of the Strengthening American Cybersecurity Act. If
enacted, the Act will impose rapid reporting deadlines for critical
infrastructure operators and federal agencies. This legislation
would impact companies across 16 federally designated critical
infrastructure sectors, including energy and financial services. It
includes the following paraphrased provisions:
- Critical infrastructure operators and federal agencies must report cyberattacks within 72 hours and ransomware payments within 24 hours to CISA. These reporting obligations also require prompt submission of supplemental reports until the incident is fully resolved.
- Current federal cybersecurity laws would be updated to enhance coordination between federal agencies.
- All federal civilian agencies would be required to report any substantial cyberattacks to CISA.
- The Federal Risk and Authorization Program (FedRAMP) will be given a five-year authorization to ensure federal agencies are able to adopt cloud-based technologies.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.