Due to escalating tensions between the United States and Russia related to Ukraine, and evidence of malicious state-sponsored cyberattacks related to the Ukraine conflict, the United States Cybersecurity and Infrastructure Security Agency (CISA) is reaching out to critical infrastructure partners to encourage heightened vigilance against anticipated cyber-threats targeting assets within the United States. CISA is encouraging special districts, particularly those providing critical infrastructure services, to review CISA resources and prepare for potential threats. Special Districts should have cybersecurity incident response plans in place, review access logs for unusual activity, review security in connection with endpoint devices and peripherals, and lower the threshold for reporting suspicious activity to CISA (central@cisa.dhs.gov) or a local FBI field office. Special Districts may also wish to consult CISA’s known vulnerabilities website (the Known Exploited Vulnerabilities Catalog).
Additional information from CISA is below:
Rapidly escalating tensions in Eastern Europe have increased concerns about the risk of cyber threats that can disrupt essential services in the United States and potentially result in impacts to public safety. Most recently, public and private sector entities in Ukraine have suffered a series of malicious cyber incidents, including website defacement and private sector reports of potentially destructive malware on their systems that could result in severe harm to critical functions. The identification of destructive malware is particularly alarming because similar malware has been deployed in the past (e.g., NotPetya and WannaCry ransomware) to cause significant, widespread damage or lack of availability to critical functions and/or critical cyber-dependent infrastructure.
Based on this heightened threat, please consult some of the following links from CISA for controls and other best practices in cyber risk mitigation:
1. https://www.cisa.gov/shields-up
This page consolidates CISA's published resources on cyber threats related to the current geopolitical tensions. It is designed to help critical infrastructure owners and operators mitigate possible cyber threats and strengthen their cybersecurity posture.
a. Alert (AA22-047A): Russian State-Sponsored Cyber Actors Target Cleared Defense Contractor Networks to Obtain Sensitive U.S. Defense Information and Technology https://www.cisa.gov/uscert/ncas/alerts/aa22-047a (February 2022) - A joint cybersecurity advisory with the FBI and the NSA about Russian state-sponsored cyber actors targeting cleared defense contractors in the United States; includes detection and mitigation recommendations to reduce the risk of data exfiltration.
b. CISA Insights: Implement Cybersecurity Measures Now to Protect Against Potential Critical Threats https://www.cisa.gov/sites/default/files/publications/CISA_Insights-Implement_Cybersecurity_Measures_Now_to_Protect_Against_Critical_Threats_508C.pdf (January 2022) - An executive-level product that recommends urgent, near-term steps to reduce the likelihood and impact of a potentially damaging compromise.
c. Alert (AA22-011A): Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure https://www.cisa.gov/uscert/ncas/alerts/aa22-011a (January 2022) - A joint cybersecurity advisory with the FBI and NSA about the Russian threat to critical infrastructure, including specific tactics, techniques, and procedures associated with Russian actors.
CISA has no-cost Cyber Hygiene services (https://www.cisa.gov/cyber-hygiene-services), including vulnerability scanning, web application scanning, phishing campaign assessments, and remote penetration tests, as well as free services and tools offered by trusted private sector partners (see the Free Cybersecurity Services and Tools page on CISA's website: https://www.cisa.gov/free-cybersecurity-services-and-tools). Always remember to report cyber incidents to CISA Central (central@cisa.dhs.gov).
For Qualifying State, Local, Tribal, and Territorial (SLTT) Government Partners Only:
a. Multi-State Information Sharing and Analysis Center (MS-ISAC) https://www.cisecurity.org/ms-isac and the Election Infrastructure Information Sharing and Analysis Center (EI-ISAC)
Funded by CISA, the MS-ISAC and EI-ISAC serve as no-cost resources for situational awareness, best practices, information sharing, and incident response for SLTT government entities. Register now for the MS-ISAC (https://learn.cisecurity.org/ms-isac-registration) and the EI-ISAC (https://learn.cisecurity.org/ei-isac-registration).
b. Malicious Domain Blocking and Reporting https://www.cisecurity.org/ms-isac/services/mdbr
A no-cost protective Domain Name System (DNS) resolver service provided by the MS-ISAC and funded by CISA; blocks malicious DNS requests while keeping state and local partners informed through regular reports.
c. Endpoint Detection and Response https://www.cisecurity.org/insights/spotlight/cybersecurity-spotlight-endpoint-detection-and-response-edr
A service provided by the MS-ISAC and funded by CISA to help SLTT entities involved in managing elections maintain awareness of and isolate malicious activity that may be impacting workstations, servers, and other network endpoints, including malware and ransomware. This program is currently only available to SLTT election organizations.
d. Real-Time Indicator Feeds https://www.cisecurity.org/ms-isac/services/real-time-indicator-feeds
A service provided by the MS-ISAC and funded by CISA that provides real-time cyber threat intelligence indicator feeds that are easy to implement and available for free to SLTT entities.