U.S. President Joe Biden is urging Americans to prepare for possible state-sponsored cyberattacks from Russia, while Canadian authorities warn we're also vulnerable to Russian cyberthreats.
On March 21, Biden issued a statement warning that Russia "could conduct malicious cyber activity against the United States" in response to the crippling sanctions imposed on the Kremlin by the U.S. and its allies, based on intelligence reports. Meanwhile, the Canadian Centre for Cyber Security is urging Canadians to "bolster their awareness of and protection against Russian state-sponsored cyberthreats."
Critical Infrastructure Could Be Targeted
Both Biden and Canadian authorities warned of Russia's penchant for attacking critical infrastructure. Russia has carried out numerous state-sponsored cyberattacks on U.S. defense, health care and government facilities sectors, according to the Cybersecurity and Infrastructure Security Agency (CISA).
For instance, in 2020, Russian state-sponsored cyberattacks targeted dozens of U.S. government and aviation networks, successfully compromising networks and exfiltrating data from victims. From 2011 through 2018, Russia carried out a "a multi-stage intrusion campaign" against U.S. and international energy sector networks, CISA reported.
Russia has also carried out various cyberattacks against Ukrainian critical infrastructure, CISA noted. In December 2015, Russia targeted Ukrainian energy distribution companies, resulting in multiple unplanned power outages. In 2016, Russia attacked a Ukrainian energy transmission company with malware designed to disrupt power grids.
How to Prepare for an Attack
As geopolitical tensions continue to escalate, the Canadian Cyber Centre recommended organizations increase their vigilance against cyberthreats, make sure they have an incident response plan and enhance their cybersecurity posture.
Canadian authorities also warn that organizations should be prepared to isolate their critical infrastructure services and components from the internet. Organizations should test their manual controls to ensure critical functions remain operable if networks are compromised.
The Canadian Cyber Centre has published several resources on shoring up cybersecurity, including articles on security considerations for industrial control systems, the top 10 ways to protect internet-connected networks and security vulnerabilities and patches.
Cybersecurity Is an Organizational Responsibility
While governments are urging caution against cyberthreats from Russia, there's only so much the government can do to protect you. Cybersecurity remains an organizational responsibility.
"Most of America's critical infrastructure is owned and operated by the private sector and critical infrastructure owners and operators must accelerate efforts to lock their digital doors," Biden said in his statement, adding that "your vigilance and urgency today can prevent or mitigate attacks tomorrow."
The same applies in Canada. Organizations must remain vigilant to cyberthreats, and that means having an effective cybersecurity program, incident response plan and training in place for staff. The MLT Aikins Privacy, Data Protection & Cybersecurity team has extensive experience helping clients develop effective strategies to prevent and respond to cyberattacks. Download our cybersecurity checklist to assess your current cybersecurity strategy.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
