The FBI Cyber Division’s latest initiative, Operation Winter SHIELD, is growing as more field offices join the cybersecurity defense campaign that aims to turn lessons from investigations into high-impact actions that organizations can take to strengthen their defenses.
The bureau launched Operation Winter SHIELD on Jan. 28 as a two-month effort that spotlights one of 10 “high-impact actions” each week. The initiative is designed to help organizations reduce common breach pathways and harden critical infrastructure systems against nation-state and criminal cyber threats.
Since its announcement, numerous FBI field offices across the nation have voiced their support for the operation – some of the latest field offices to join this week include Seattle, Philadelphia, and Anchorage.
In a video announcement, FBI Cyber Division Assistant Director Brett Leatherman said the campaign distills insights from real-world investigations into practical steps that organizations can take immediately.
“Every winter storms test our infrastructure. Power grids, water systems, and supply chains are pushed to their limits, but the most critical threats to infrastructure don’t come from the weather. They come through our networks,” Leatherman said.
The 10 actions outlined by the FBI include:
- Adopt phish-resistant authentication
- Implement a risk-based vulnerability management program
- Track and retire end-of-life technology on a defined schedule
- Manage third-party risk
- Protect security logs and preserve them for an appropriate time period
- Maintain offline immutable backups and test restoration
- Identify, inventory, and protect internet-facing systems and services
- Strengthen email authentication and malicious content protections
- Reduce administrator privileges
- Exercise your incident response plan with all stakeholders
“The fundamentals of cybersecurity still matter. Strong passwords, phish-resistant authentication, patching, and employee awareness continue to prevent many intrusions. Operation Winter Shield builds on those basics by advancing the conversation toward resilience,” Wayne Jacobs, the special agent in charge of the FBI Philadelphia field office, said in a statement on Friday.
Mike Herrington, special agent in charge of the FBI’s Seattle field office, emphasized that the guidance applies beyond the technology sector.
“From our military installations to our seaports, agricultural and aerospace industries, tribal communities, and more, we encourage the public and businesses of all sizes to stay vigilant in protecting their systems and data against cyber attacks,” Herrington said in a statement.
Leatherman said in the Jan. 28 announcement that the bureau is seeking broader adoption of proven safeguards – not a compliance checklist approach.
“These 10 controls are meant to start a conversation and build measurable progress across industry, government, and critical infrastructure,” Leatherman said. “Cyber operations are invisible until they aren’t,” he added, pointing to activity by foreign cyber groups such as Volt Typhoon.
“These aren’t isolated incidents. They’re part of a sustained campaign by foreign adversaries targeting our most critical systems. Meanwhile, cyber criminals continue to steal our money and hold our data for ransom, but together, we can deny adversaries the digital real estate they need to operate and raise the cost of every attack,” Leatherman said.