With tensions mounting between Russia and Ukraine, the Cybersecurity and Infrastructure Security Agency (CISA) is warning critical infrastructure (CI) owners and operators – as well as any other United States-based organizations – to keep their guard up. To help organizations do that, the cybersecurity agency released insights for the CI sector, as well as a new webpage Feb. 18 to help organizations better steel themselves against a potential Russian cyber threat.
Although the conflict and potential escalation are taking place more than 5,000 miles away on the Russia-Ukraine border, CISA Director Jen Easterly said it’s important for American CI owners and operators and other U.S. organizations to stay vigilant.
Easterly emphasized that there are currently “no specific credible threats to the U.S. homeland,” but said that the global nature of our digital networks means that network defenders should be prepared, should they potentially be targeted.
“Our networks and our critical infrastructure are integrated into a larger global cyber ecosystem, which means that we all need to be ready: as I like to say, ‘Shields Up,’” Easterly said at an Aspen Digital event Feb. 18. “So given the rising tensions and the potential invasion of Ukraine, by Russia, we’ve actually been leaning forward to inform our industry partners of potential threats.”
“We need to be prepared for the potential of foreign influence operations to negatively impact various aspects of our critical infrastructure with the ongoing Russia-Ukraine geopolitical tensions,” Easterly said in a press release announcing the insights. “We encourage leaders at every organization to take proactive steps to assess their risks from information manipulation and mitigate the impact of potential foreign influence operations.”
CISA’s insights for CI owners and operators specifically warns of nation-state misinformation, disinformation, and malinformation (MDM) campaigns that could target critical infrastructure, and offered five recommendations for how to prepare for and combat MDM campaigns.
“Recently observed foreign influence operations abroad demonstrate that foreign governments and actors can quickly employ sophisticated influence techniques to target American audiences with the goal of disrupting U.S. critical infrastructure and undermining U.S. interests,” the release says. “This CISA Insight is intended to raise awareness amongst critical infrastructure owners and operators on the risks of such influence operations.”
CISA first recommends that CI operators should assess the information environment, learning how information is disseminated in the sector, and seeing what precedent there is for MDM narratives in the sector. From there, CISA says CI operators should identify any vulnerabilities, fortify channels of communication, engage in proactive communication, and develop incident response plans. For the latter, CISA recommends that organizations designate leads to oversee MDM incident response.
CISA also created its “Shields Up” page, aimed at American organizations more broadly. CISA recommends that organizations take steps like implementing multi-factor authentication to reduce the likelihood of a cyber intrusion, take steps to quickly detect potential intrusions, ensure that they’re prepared should an intrusion occur, and maximize their resilience.
Most importantly, according to Easterly, organizations should lower their normal threshold for what constitutes anomalous activity. She said that if the last year is any indicator, it is most likely that a private company will see the early warnings of a cyber campaign first, and emphasized that information needs to be promptly shared with Federal cyber defenders.
“Of the guidance that we have been providing, perhaps the most critical is that organizations need to lower their thresholds for escalating anomalous activity and sharing that information with the government,” Easterly emphasized. “Just get that information to the government, and rest assured that we are very tightly connected, and we will share that information to ensure that we can protect the security of the U.S.”
