CISA ‘Shields Up’ Warning Underscores Foreign Cyberthreats

The Cybersecurity and Infrastructure Security Agency (CISA) issued a “Shields Up” risk declaration as geopolitical tensions in eastern Europe rise amid the threat of a Russian invasion of neighboring Ukraine. 

The alert highlighted several cybersecurity vulnerabilities that nation-state and cybercriminal actors may leverage and outlined steps organizations can take to reduce the likelihood of a damaging cybersecurity intrusion and ensure the organization is prepared to respond if such an intrusion occurs.

This alert, the most direct of its kind, reflects a growing sense of urgency about rising digital and geopolitical tensions: it explicitly names Russia as a state sponsor of cyberthreats and warns of “destructive cyber incidents,” such as the ransomware and wiper malware previously deployed against Ukraine.

“While there are not currently any specific credible threats to the U.S. homeland, we are mindful of the potential for the Russian government to consider escalating its destabilizing actions in ways that may impact others outside of Ukraine,” the warning said.

The CISA warning noted that the Russian government has used cyber operations as a key component of its force projection over the last decade, including previous attacks on Ukraine in 2015.

“Tensions in the Eastern Bloc are heating up—and we must expect that this will spill over into the U.S. The FBI confirmed that a new strain of ransomware, BlackByte, hit several forms of critical infrastructure in the U.S.,” said Justin Fier, director of cyber intel and analytics for Darktrace.

An Alarming Recommendation

Fier pointed out that, in an era of digital transformation and automation, CISA’s recommendation that organizations running ICS and OT systems test their manual controls is alarming, given the age and complexity of those manual systems and the urgency of the current geopolitical threat.

“As cyber aggressions escalate, organizations across every industry, especially critical infrastructure, need to be vigilant in the face of cyber vulnerabilities, take alerts seriously, and implement patches immediately after release,” he said. “As in 2014, when Russia displayed its cyberwar capabilities by crippling the Ukrainian power grid, Russia will likely look to cyber as a proxy for damage and disruption.”

Fier said Russia may also look to disrupt critical national infrastructure with cyberattacks on Ukraine and its allies, or attempt to cripple the U.S. economy in retaliation for potential future economic sanctions.

“We no longer have the luxury of extensive vulnerability testing and ignoring warnings; geopolitical tensions are now playing out in cyberspace,” he said. 

Myopic Focus on Productivity

Gadi Naveh, a cyber data scientist at Canonic, a Tel Aviv-based cybersecurity startup protecting SaaS business applications, called the Shields Up initiative a well-timed reminder that a narrow focus on productivity, without sound security measures, is not enough to sustain business continuity.

“Regardless of intent, nation-state adversaries pose a clear and present danger to business continuity,” Naveh said. “While we all hope that diplomatic efforts will triumph, it’s a good opportunity to step up security controls. Such an alert backs the office of the CISO when presenting security priorities to the board and other senior executives.”

He added that the CISA alert reminded business leaders that the global economy is interconnected, even for organizations that do not conduct business with Ukraine and were untouched by previous attacks.

“Many local companies have customers and even employees to support in Ukraine,” he explained. “This helps to develop a mindful view of geopolitical events and their potential impact on your own security posture.”

Sandy Dunn, CSO at BreachQuest, an incident response specialist, said the Shields Up message is a call to action to every business leader, CISO and cybersecurity team.

“A CISO should act on the Shields Up message the same way a person listens and acts when the weatherman warns a hurricane may be headed to the area you live in,” Dunn said. “A cybersecurity team needs to double down on their environment. Call a team meeting; make sure people on the team are on high alert, review the incident response plan and have it available. Send a message out to the users in your organization to watch for suspicious activity.” 

Dunn also said security teams should send a message to the organization’s executive leadership reminding them that the Shields Up message is a call to action and assure them that the security team is prepared.

CISA also urged cybersecurity and IT personnel at every organization to review its Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure alert, issued in January.


Nathan Eddy

Nathan Eddy is a Berlin-based filmmaker and freelance journalist specializing in enterprise IT and security issues, health care IT and architecture.

