WASHINGTON — As Ukraine braces for a possible Russian invasion that may come within days, the U.S. government is warning agencies, businesses and other critical organizations to be on their guard against cyberattacks.
The Cybersecurity and Infrastructure Security Agency has posted a “Shields Up” warning, which the Pentagon emailed to members of the defense industry Monday morning, alerting organizations to the potential for cyberattacks.
Cyberattacks have been a central part of Russia’s playbook in the past, CISA said, particularly in Ukraine in 2015. And while CISA said the U.S. homeland is not now facing any specific, credible threats, Russia could “consider escalating its destabilizing actions in ways that may impact others outside of Ukraine.”
“The Russian government understands that disabling or destroying critical infrastructure — including power and communications — can augment pressure on a country’s government, military and population and accelerate their acceding to Russian objectives,” CISA wrote.
CISA, which is part of the Homeland Security Department, helps organize the nation’s efforts to prevent and respond to cyberattack. Its mission includes connecting government and industry members with one another and help them find the tools and other resources they need to strengthen cybersecurity.
CISA said it’s been working with partners in critical infrastructure in recent months to make them aware of what threats could be out there and to prepare in advance, instead of just responding after something happens.
CISA advised organizations of all sizes to ensure personnel use multi-factor authentication when logging on remotely to their networks or for privileged and administrative access, and to ensure their software is up to date to lessen the chances of a cyber intrusion. They should also make sure their IT departments have turned off any ports or protocols that aren’t needed to conduct business, and put strong controls in place if using cloud services.
If an organization becomes aware it may have been breached, CISA said their cybersecurity or IT personnel should quickly spot and assess anything out of the ordinary on their network, and make sure their network has the right software to protect against viruses or malware.
Organizations that work with Ukrainian organizations should take particular caution to monitor, inspect and isolate that traffic, and closely review the access controls, CISA said.
And organizations need to be prepared to respond if a cyberattack does occur, CISA said, such as by designating in advance a crisis response team. That team should designate the main points of contact and spell out the roles and responsibilities people within the organization — such as in the technology, communications or legal departments — should take if something happens. They should also make sure key personnel would be available if something happens and have a plan to surge support to respond when a cyber intrusion happens, CISA said. Organizations should hold tabletop exercises to make sure all personnel know what they should do if a cyber intrusion happens.
Organizations also need to test their backup procedures to make sure they can quickly restore critical data if it is hit by a destructive cyberattack such as ransomware, CISA said. They should also make sure their backups are isolated from network connections.
CISA said any incidents or suspicious activity should be reported to them or the FBI at the FBI’s CyWatch line, at 855-292-3937, or CyWatch@fbi.gov.
Stephen Losey is the air warfare reporter for Defense News. He previously covered leadership and personnel issues at Air Force Times, and the Pentagon, special operations and air warfare at Military.com. He has traveled to the Middle East to cover U.S. Air Force operations.