U.S. cybersecurity officials are urging federal agencies and large organizations to remain vigilant against the threat of Russian cyberattacks amid the country’s ongoing invasion of Ukraine.
The Cybersecurity & Infrastructure Security Agency (CISA) updated its “Shields Up” guidance for organizations after Russia’s incursion into eastern Ukraine, urging officials to remain “laser-focused on resilience.”
“Russia’s unprovoked attack on Ukraine, which has been accompanied by cyber-attacks on Ukrainian government and critical infrastructure organizations, may have consequences for our own nation’s critical infrastructure, a potential we’ve been warning about for months,” the CISA guidance states.
“While there are no specific or credible cyber threats to the U.S. homeland at this time, we are mindful of the potential for Russia’s destabilizing actions to impact organizations both within and beyond the region, particularly in the wake of sanctions imposed by the United States and our allies. Every organization—large and small—must be prepared to respond to disruptive cyber activity,” it added.
The specter of broad cyber warfare has increased following Russia’s invasion this week, with experts warning that Moscow could respond to retaliatory sanctions over the incursion with additional cyberattacks against the West.
Russian President Vladimir Putin has also threatened consequences for countries who try to interfere with his military operation, though the details about what those consequences are remain unclear.
“We’ve moved into an era of hybrid warfare, where you can induce fear and debilitate an adversary’s capacity to do something using cyberwarfare,” said John Cofrancesco, a cyber expert and vice president of government at Fortress Information Security.
“There’s no doubt that the frequency and the voracity of what these guys are doing is increasing,” he added.
Last week, White House deputy national security adviser Anne Neuberger urged the private sector to put in place cybersecurity defenses, including encryption and multi-factor authentication, to counter cyberattacks.
Cyber and Department of Homeland Security (DHS) officials have also sought to bolster precautions among the federal workforce as agencies seek to shore up their cyber defenses.
“As a reminder, DHS Cybersecurity and Infrastructure Agency recommends all organizations adopt a heightened posture when it comes to cybersecurity and protecting their most critical assets,” read a notice sent to employees with the U.S. Department of Agriculture this week.
The guidance, which was viewed by The Hill, went as far as to suggest that employees stock up on food, gas and other supplies as part of a “personal and professional preparedness” plan. “Have some cash on hand in case ATMs or credit card readers are unavailable,” stated the email from USDA security and technology heads.
“Do not allow your vehicles to get low on fuel,” employees were told in another bullet point. The alert further instructed employees to “have basic food and emergency preparedness supplies available” and “ensure that you have a family emergency plan.”
DHS reiterated to The Hill in a statement Friday evening that it had not identified “any specific, credible, cyber threats to the U.S.” but urged all organizations “to take steps now to improve their cybersecurity and safeguard their critical assets.”
Federal officials have long warned about the need to shore up defenses, not just against cyberattacks but also against other efforts targeting critical infrastructure.
CISA earlier this month released additional material to “help critical infrastructure owners prepare for and mitigate foreign influence operations.”
“We need to be prepared for the potential of foreign influence operations to negatively impact various aspects of our critical infrastructure with the ongoing Russia-Ukraine geopolitical tensions,” CISA Director Jen Easterly said at the time. “We encourage leaders at every organization to take proactive steps to assess their risks from information manipulation and mitigate the impact of potential foreign influence operations.”
Neuberger said last week that “the U.S. government has been preparing for potential geopolitical contingencies since before Thanksgiving,” though officials are now in a position where their cyber preparations may be readily tested.
Regional cyberattacks have already started amid Russia’s violent attack on Ukraine, with several Ukrainian government websites down earlier this week following a cyberattack that targeted the Parliament as well as the Foreign affairs and Defense ministries.
The Biden administration suspects that Russian government hackers are behind the attacks, though Russia has denied any involvement.
President Biden said earlier this month that he’s “prepared to respond” if Russia launches attacks on U.S. critical infrastructure and American companies as part of its campaign against Ukraine.
Cofrancesco said that the majority of U.S. businesses are not at the level of cybersecurity needed to efficiently counter attacks, adding “now is the time to make those investments.”
For instance, he said the oil and gas industry is one of the most vulnerable sectors to cyberattacks because, unlike the energy sector, it is not mandated by law to invest in cybersecurity.
However, the Biden administration issued a security directive last year to bolster reporting of cybersecurity incidents weeks after a crippling ransomware attack on Colonial Pipeline.
“Cybersecurity spending is a very difficult thing to do,” Cofrancesco said. “It’s a lot like asking somebody to buy a new roof on their house when they’ve been saving to remodel their kitchen.”
— Ines Kogubare contributed