Biden Administration, CISA, FBI, and NSA Respond to Cybersecurity Threats to Critical Infrastructure Posed by Russia
(By Justine Kasznica and Ember Holmes)
On March 21, 2022, President Biden issued a statement in response to evolving intelligence that Russia is exploring options for malicious cyberattacks against the United States. The statement highlights the measures taken by the Administration to strengthen cyber defenses within the federal government and, to the extent that it has authority, within critical infrastructure sectors. Additionally, President Biden called on private sector critical infrastructure owners and operators to accelerate and enhance their cybersecurity measures, urging them to take advantage of public-private partnerships and initiatives, including those administered by the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA). Appended to President Biden’s statement was a Fact Sheet, which outlines specific steps that companies can take to bolster cybersecurity across the nation, and refers readers to various resources compiled by CISA, as part of a cybersecurity campaign.
In November 2021, the Biden administration began ramping up its cybersecurity and defense measures in response to Russian President Vladimir Putin’s escalating aggression toward Ukraine. On January 11, 2022, CISA, the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) issued Alert AA22-011A, “Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure,” which provided an overview of Russian state-sponsored cyber operations; commonly observed tactics, techniques, and procedures (TTPs); detection actions; incident response guidance; and mitigations. The Biden administration, CISA, FBI, and NSA continued to monitor the level of risk posed by Russia, which recently escalated based on intelligence indicating that Russia is planning cyberattacks against the United States in response to economic sanctions that the United States has imposed.
What is Shields Up?
Shields Up is a cybersecurity campaign formed out of the combined efforts of CISA and the FBI to help organizations prepare for, respond to, and mitigate the impact of cyberattacks by Russia. Although the campaign is focused on critical infrastructure, CISA has emphasized that all organizations, regardless of sector or size, must be prepared to defend against and respond to disruptive cyber incidents.
On March 22, 2022, CISA hosted an Unclassified Broad Stakeholder Call to brief attendees on the escalating threat of cybersecurity attacks by Russia. Jen Easterly (Director of CISA), Matt Hartman (Deputy Executive Assistant Director of Cybersecurity of CISA), and Tonya Ugoretz (Deputy Assistant Director of the FBI Cyber Division) addressed attendees, focusing their comments on the Shields Up campaign and highlighting the most important actions that organizations can take to prevent, detect, and respond to possible cyberattacks. A condensed list of these actions includes:
- Familiarize yourself with your networks and actively patrol systems, including informational and operational technology, for perceived threats or unexpected events (identified TTPs, malware signatures, etc.);
- Regularly scan public-facing programs, systems, and software for vulnerabilities;
- Secure your systems and credentials by using complex passwords, two-factor authentication, encryption, patching, etc.;
- Maximize resilience to cyberattacks by strengthening security of operating systems, software, and firmware, and by scheduling automatic updates of these systems;
- Prepare a cyber incident response plan that includes FBI contact information for reporting, as well as contact information for an incident response firm and outside legal counsel; and
- Report any incidents immediately, and maintain a low threshold for reporting.
In addition to the foregoing broad, categorical guidance and advice, the Shields Up website has valuable resources to assist those in the private sector with the development and implementation of enhanced security measures. These resources include technical guidance, a catalog of known exploited vulnerabilities, a catalog of free cybersecurity services and tools provided by the federal government, a catalog of free cyber hygiene services, a ransomware guide, and many other preparedness and response resources.
Babst Calland attorneys are closely following these developments. If you have questions or need additional information, please contact Justine M. Kasznica at 412-394-6466 or email@example.com or Ember K. Holmes at 412-394-5492 or firstname.lastname@example.org.