CISA Releases New Cybersecurity Guidance

WEDNESDAY, MARCH 2, 2022


The Cybersecurity and Infrastructure Security Agency has recently released new insight and advisories to protect critical assets amid cyberattacks on the Ukraine government and critical infrastructure. The agency states that while there are no specific or credible cyber threats to the United States at this time, organizations should prepare to respond to disruptive cyber activity.

CISA Insight, Advisory

On Feb. 18, the CISA released a new Insight, “Preparing for and Mitigating Foreign Influence Operations Targeting Critical Infrastructure,” providing owners and operators guidance on how identify and mitigate the risks of influence operations that use mis-, dis- and malinformation (MDM) narratives.

According to the release, recently observed foreign influence operations abroad how quickly these techniques can be employed to target and disrupt U.S. critical infrastructure and interests. CISA says that the document is intended to raise awareness, outline steps to mitigate the effects of MDM and impelement an MDM incident response plan.  

“We need to be prepared for the potential of foreign influence operations to negatively impact various aspects of our critical infrastructure with the ongoing Russia-Ukraine geopolitical tensions,” said CISA Director Jen Easterly. “We encourage leaders at every organization to take proactive steps to assess their risks from information manipulation and mitigate the impact of potential foreign influence operations.” 

Critical infrastructure owners are encouraged to:

  • Designate an individual to oversee the MDM incident response process and associated crisis communications;
  • Establish roles and responsibilities for MDM response, including but responding to media inquiries, issuing public statements, communicating with your staff and engaging your stakeholder network; 
  • Ensure your communication systems are set up to handle incoming questions. Phones, social media accounts and centralized inboxes should be monitored by multiple people on a rotating schedule to avoid burnout;
  • Identify and train staff on reporting procedures to social media companies, government, and/or law enforcement; and
  • Consider your internal coordination channels and processes for identifying incidents, delineating information sharing and response. Foreign actors can combine influence operations with cyber activities, requiring additional coordination to facilitate a whole-of-organization response. 

On Feb. 26, CISA and the Federal Bureau of Investigation issued a joint Cybersecurity Advisory guiding organizations on how to detect and protect their networks from destructive malware. These malwares, WhisperGate and HermeticWiper, were both used to target organizations in Ukraine.

CISA recommends that organizations assess and bolster their cybersecurity, while there is no specific threat to the U.S. at this time, by:

  • Enabling multifactor authentication;   
  • Setting antivirus and antimalware programs to conduct regular scans;   
  • Enabling strong spam filters to prevent phishing emails from reaching end users;   
  • Updating software; and   
  • Filtering network traffic.

“In the wake of continued denial of service and destructive malware attacks affecting Ukraine and other countries in the region, CISA has been working hand-in-hand with our partners to identify and rapidly share information about malware that could threaten the operations of critical infrastructure here in the U.S.,” Easterly said.

“Our public and private sector partners in the Joint Cyber Defense Collaborative (JCDC), international computer emergency readiness team (CERT) partners, and our long-time friends at the FBI are all working together to help organizations reduce their cyber risk.”     

"The FBI alongside our federal partners continues to see malicious cyber activity that is targeting our critical infrastructure sector," said FBI Cyber Division Assistant Director Bryan Vorndran. "We are striving to disrupt and diminish these threats, however we cannot do this alone, we continue to share information with our public and private sector partners and encourage them to report any suspicious activity.

“We ask that organizations continue to shore up their systems to prevent any increased impediment in the event of an incident."   

In addition to the CISA Insight and advisory, the agency has updated its “Shields Up” webpage to include new services and resources, including recommendations for corporate leadership and actions to protect critical assets. The technical guidance page details other malicious cyber activity affecting Ukraine, with resources to assist organizations against these threats.

NY Cyber Command Center

To combat cybersecurity attacks and protect critical infrastructure, New York Governor Kathy Hochul and several mayors from across the state unveiled a new Joint Security Operations Center last week. The center, headquartered in Brooklyn, will reportedly be the first of its kind, coordinating cybersecurity efforts across the state and helping to foster collaboration among city, state and federal entities.

“New York has the opportunity to pioneer an integrated, statewide approach to cybersecurity, and I'm proud to announce this innovative partnership with Mayor Adams and New York City, our upstate cities, and government and business leaders across the state,” said Hochul

“Cybersecurity threats pose a risk to every facet of our lives. That's why I put improving our cyber infrastructure at the forefront of my administration as we chart a course to better protect our state and our citizens. The Joint Security Operations Center will serve as the epicenter in helping to defend against this emerging threat.”

New York City Mayor Eric Adams also signed Executive Order 10, which sets forward the roles and responsibilities of the New York City Cyber Command under the direction of the New York City Office of Technology and Innovation. Each city agency will also be required to designate a cyber command liaison to share information, monitor threats and adopt best practices around cyber security.

“Technology runs our water, controls our electricity, and notifies us during an emergency, so cyber attacks have the ability to bring our entire city to a halt if we are not prepared,” said Mayor Adams. “Our city is a prime target for those who want to cause destruction, and while New York City Cyber Command is already a national model for impeding these threats, it's time our cybersecurity gets moved to the next level.

“The new Joint Security Operations Center will take an integrated and holistic approach to hardening our cyber defenses across the city and the state, building on the robust cyber infrastructure New York City has developed in recent years.”

According to the release, the JSOC will be staffed by NYC3, federal and state law enforcement entities and representatives from local and county governments. Using telemetry data, the command center will reportedly strengthen the state’s threat detection capabilities by allowing officials to assess and monitor threats in real time.

Additionally, the JSOC will streamline threat intelligence and response in the event of a significant cyberattack.

Previous Cybersecurity Advisory

In January, CISA, the FBI and the National Security Agency issued a joint Cybersecurity Advisory warning of Russian cyber threats to critical infrastructure in the United States.

The CSA provides an overview of Russian state-sponsored cyber operations, including commonly observed tactics, techniques and procedures, and provides detection actions, incident response guidance and mitigations. The agencies encourage critical infrastructure cybersecurity communities to “adopt a heightened state of awareness” against the threats.

While no specifics about the threats were mentioned, the CSA was released “to warn organizations of cyber threats and help the cybersecurity community reduce the risk presented by these threats.” The release outlines several mitigation strategies to reduce risk of compromise, including:

  • Be prepared: Confirm reporting processes and minimize personnel gaps in IT/OT security coverage. Create, maintain and exercise a cyber incident response plan, resilience plan and continuity of operations plan so that critical functions and operations can be kept running if technology systems are disrupted or need to be taken offline;
  • Enhance your organization’s cyber posture: Follow best practices for identity and access management, protective controls and architecture and vulnerability and configuration management; and
  • Increase organizational vigilance: Stay current on reporting on this threat. Subscribe to CISA’s mailing list and feeds to receive notifications when CISA releases information about a security topic or threat.

According to reports, the guidance arrived after White House National Cyber Director Chris Inglis testified before Congress in November that there was a “discernible decrease” in the number of cyberattacks against U.S. companies that could be traced back to Russia, with no clear reason behind the decrease.

Multiple cyberattacks by Russia-based groups against U.S. companies happened last year, including against Colonial Pipeline, meat producer JBS USA and IT group Kaseya.

The week prior to the release, Ukraine government websites were defaced and potentially destructive malware was detected on Ukrainian systems. Oleg Nikolenko, Ukraine’s foreign ministry spokesman announced that the investigation is ongoing, but preliminary reports suggested that the Russian secret services hacker groups were behind the attack on as many as 70 central and regional authority websites.

Following the cyber incidents, the CISA also published a checklist of actions for organizations, regardless of sector or size, to take to protect against cyber incidents.

“The identification of destructive malware is particularly alarming given that similar malware has been deployed in the past—e.g., NotPetya and WannaCry ransomware—to cause significant, widespread damage to critical infrastructure,” stated the release.

   

Tagged categories: Government; Infrastructure; Infrastructure; NA; North America; Program/Project Management; Security; Technology

Join the Conversation:

Sign in to our community to add your comments.