San Antonio cybersecurity experts prep for Russian attacks

In recent weeks, network security officials have been analyzing a welter of cyber activity — and reading a flood of alerts from federal agencies urging banks and other businesses and local governments to prepare for digital attacks.

A retired Air Force intelligence officer, Dickson has been frenetically scanning the Twitter feeds of open-source intelligence (OSNIT) accounts to keep tabs on publicly available information concerning the conflict. He’s also tracking news from Information Sharing and Analysis Centers, formed by online groups providing updates on cyber threats.

“We’re looking for ‘anomalous behavior’ — anything different from a week or two ago,” he said. “We’re standing up incident response teams, or at least making it an open process.”

Bret Piatt, CEO of locally based Jungledisk, said his cloud data protection and cybersecurity firm had put employees “through scenario planning exercises over the past few months based on a range of expected outcomes” regarding the conflict.

“Cyber criminals are opportunistic,” he said. “When people’s attention is elsewhere, they will increase their activity.”

Texas has a history with cyber threats born in Russia.

Russian hackers attacked Austin-based information technology firm SolarWinds in 2020, gaining access to the Cybersecurity and Infrastructure Security Agency — the arm of the Department of Homeland Security responsible for protecting federal computer systems.

In May, Russian-speaking hackers shut down the Colonial Pipeline, which carries gasoline and jet fuel between Houston and the U.S. Southeast and New York area.

Cybercity

San Antonio has one of the largest concentrations of military installations in the U.S., with three bases and Camp Bullis on the far North Side. The city also has a lot of cybersecurity workers, with more here than in any other U.S. city outside of the Washington, D.C., area.

San Antonio is home to the Air Force Cyber Headquarters, the National Security Agency’s Texas Cryptologic Center, the Alamo Regional Security Operations Center and the University of Texas at San Antonio, which has one of the nation’s top cybersecurity program.

Max Kilger, an associate professor at UTSA’s College of Business, said he spent Thursday afternoon watching CNN and analyzing OSNIT accounts. He was gathering information on the conflict from inside UTSA’s new National Security Collaboration Center.

“It’s crazy busy right now,” said Kilger, who was working alongside military cyber experts at the center. “You’re going to see a lot of busy people here in San Antonio, in the government and in other industries, as they’re ratcheting up their posture and stepping up their routines.”

Cybersecurity experts have been following the Russia-Ukraine situation for months, and federal officials have issued numerous warnings of potential network attacks.

In January, Homeland Security warned that Russian hackers could launch cyber attacks against the United States if they perceived a threat from the U.S. or NATO as Putin moved forces to the Ukrainian border.

Two weeks ago, CISA issued a “Shields Up” alert, advising U.S. organizations of all sizes to prepare for potential cyber attacks. Last week, the FBI and DHS told law enforcement and military officials to look out for signs of Russian online assaults.

San Antonio cybersecurity leaders say they’re in high gear searching for possible cyber threats. For now, they’re focused on protecting banks and other financial institutions. They’re also keeping eyes on the computer networks of government agencies and utilities.

“It’s a little early in the game,” said Kilger, who studies the social and psychological factors motivating hacking groups and cyberterrorists. “But I wouldn’t be surprised to see retaliatory measures coming from the Russian government or hacking groups associated with Russia” against U.S. banks in response to economic sanctions.

Dickson also thinks U.S. sanctions could inspire cyber attacks originating in Russia.

“Russia’s escalation has made the prospect of some sort of cyber war more tangible,” he said. “This is most certainly the case for organizations that run components of our critical infrastructure, or banks.”

The Texas Department of Information Resources said in an email Thursday that its “top priority” was protecting the state’s computer systems from threats.

“Cyber threats are a constant in today’s world, and it is imperative that we work together across government to remain vigilant especially during times of heightened international discord,” the DIR said.

This week, Dickson took an informal poll of 20 chief information security officers in North America, asking how they were preparing for possible attacks. Most were launching incident response teams and closely monitoring key systems.

“In general, there’s a feeling this is about to get real for security teams,” Dickson said.

State officials are urging Texans to “remain alert while online, look for suspicious activity in your accounts, update and strengthen passwords, and ensure all devices — including mobile devices — are up to date with the latest security and software updates.”

Cybersecurity experts are encouraging San Antonio businesses, government agencies and nonprofits of all sizes to review their network-defense plans, run tests, turn off unnecessary equipment and train employees — so they don’t click on an email that’s carrying a virus, for example.

They’re also urging IT security leaders to not run their cyber teams ragged. The threat of personnel exhaustion is real.

“I’m worried that if the current crisis on the ground in the Ukraine spreads to include non-conventional cyber components, and if U.S. companies are targeted, I think we’ll see a surge in demand for outside help,” Dickson said. “Given that most security services vendors are running lean themselves, there might be a rush for external resources if cyberattacks are widespread.”

Comments are closed.