Cyberwarfare Risks Continue as Ukraine Crisis Escalates 

Cybersecurity experts continue to sound the alarm as Russia’s invasion of Ukraine intensifies and fears grow of global cyberwarfare that could have wide-ranging impacts on governments and organizations of all sizes.

The U.S. Department of Justice (DOJ) and the Cybersecurity and Infrastructure Security Agency (CISA) called for a “Shields Up” defense posture in the past weeks, and DOJ Deputy Attorney General Lisa Monaco stated during a keynote speech at the Munich Cyber Security Conference on February 17 that organizations should be monitoring their cybersecurity posture “in real-time.”

Take All Necessary Precautions

“They really should be on the most heightened level of alert that they can be and taking all necessary precautions,” Monaco said in a report from The National Law Review. 

The following day, CISA published its Preparing for and Mitigating Foreign Influence Operations Targeting Critical Infrastructure advisory, which provided critical infrastructure owners and operators with guidance for identifying and mitigating the risks of influence operations that use mis-, dis-, and malinformation (MDM) narratives.

Karen Walsh, CEO and founder at Allegro Solutions, noted Russia has always used cyberwarfare tactics as part of its military strategies.

“It may be using them to distract us from what we see in the news,” she said. “It may be using them to stymie Ukraine and Ukrainian allies, preventing them from sharing information or responding to these attacks.”

Walsh said early detection would be key to disabling Russia’s ability to weaponize digital resources. 

“Companies need to be able to detect and investigate as quickly as possible to make sure that they aren’t used by Russia as part of their military exploits,” she added. 

All Hands on Deck

Scott Kanry, CEO of Axio, a provider of cybersecurity risk management software, said some CISOs responded by pulling up the latest green/yellow/red heat maps, discussing patching cadences and noting that it’s an all-hands-on-deck week for the cybersecurity team.

“Other CISOs will pull out their current event impact dashboards and refresh the CEO’s memory on how a successful cybersecurity event could impact the business in financial and operational terms,” he said. “They’ll then explain how well the cybersecurity program is performing against the most significant areas of risk and explain how the incident response program and insurance program will minimize impacts if an event occurs. Finally, they’ll give the CEO their ‘wish list’ of additional controls to consider, rank-ordered by risk reduction impact.”

From Kanry’s perspective, companies having the second conversation are much better positioned in general, but most certainly are better positioned in the shorter term.

“They are the ones whose boards and CEOs should have confidence that the security and risk teams are managing cybersecurity risk as effectively as possible,” he said. “Unfortunately, most companies are still having the first conversation.”

SecZetta chief product officer Richard Bird, who formerly served on the board of the Identity Defined Security Alliance (IDSA), pointed out that the news coming from both the U.S. government and Russian leadership is that cyberwarfare is very much a component of nation-state strategies.

“Not just for facilitating the potential destruction of military and critical infrastructure, but also for controlling the media, sowing chaos and disrupting the daily lives of citizens,” he said. “We must assume that the well-publicized digital incursions that have been directly sponsored by the Russian government over the last three years have simply been practice for bigger and worse actions against their perceived enemies—not just at the nation-state level but against agencies, organizations and individuals around the world.”

Bird said that, considering the burgeoning international crisis, organizations both large and small need to extend their goodwill—and park their skepticism or cynicism—toward domestic agencies and organizations that are experts in nation-state-level interactions and diplomacy.

“Corporations, whether enterprise-grade or mom-and-pop shops, cannot make the presumptive error of trusting in either themselves or popular media outlets to be experts in the level of geopolitical chess-playing that is happening in the Kremlin, in the White House and Congress or in the halls of the United Nations,” he said. “These are not games for the uninitiated.”

Bird recommended all U.S.-based organizations keep an eye out for announcements from the U.S. Department of State, CISA, the FBI and the Department of Homeland Security, as well as any solution providers that have a substantial amount of global exposure, such as Microsoft, Apple, CrowdStrike, Okta and Cisco Security.

“I don’t personally want to see a single company, nation or individual hurt by Russia’s cyberattacks, but many organizations will be complacent in the face of these threats,” he said. “That isn’t an opinion, it is simply a historically confirmed fact.”  

Nathan Eddy

Nathan Eddy is a Berlin-based filmmaker and freelance journalist specializing in enterprise IT and security issues, health care IT and architecture.
