Russia's unprovoked invasion of Ukraine and the subsequent widespread sanctions and condemnation by leaders across the world, including the United States and NATO allies, have raised concern about Russian retaliation using cyberwar tactics. Both in the private and public sectors, cybersecurity experts encourage increased vigilance. The federal government is responding to this increased threat by advocating for safer cybersecurity habits through the Cybersecurity and Infrastructure Security Agency's (CISA) "Shields Up" program, promoting new ransomware response guidance, restructuring crucial elements of the internet backbone to strengthen security, and by legislatively enforcing mandatory reporting timelines.

The Risk to the Private Sector – What You Can Do to Prepare

From SolarWinds to Colonial Pipeline, Russian-connected threat actors have demonstrated the capability to wreak havoc on the private and public sectors. Cybersecurity experts have been monitoring increased nation-state activity during the ongoing conflict in Ukraine. Hefty U.S. sanctions imposed on Russia could make the United States a top target of Russian cyberattacks, particularly if additional U.S. measures impact energy exports, the main source of hard currency for Russia. These threats may come in the form of ransomware locking down personal or business systems, or through more complex infrastructural attacks targeting internet access, financial systems, or even the power grid. Cybersecurity experts and CISA are encouraging businesses and consumers to practice good "cyber hygiene," such as:

  • Implementing multifactor authentication, which mitigates the weakness of password-only systems;
  • Ensuring software and firmware are up-to-date on all devices, especially anti-virus and anti-malware software and web browsers;
  • Enforcing strong password policies and encouraging password changes on a regular basis;
  • Increasing vigilance for highly complex phishing attacks and implementing a "think before you click" approach; and
  • For Ukrainian-connected organizations, monitoring and responding to incidents on their network, and isolating any traffic coming from Ukraine.

NIST Ransomware Response Guidance

The propensity of Russian threat actors to use ransomware as a preferred method of attack should encourage entities to implement robust risk management and response plans. The National Institute of Standards and Technology (NIST) published a quick start guide to aid organizations in their use of the NIST Ransomware Risk Management Cybersecurity Framework Profile. This guide and the broader framework profile mirror the NIST Cybersecurity Framework (which aids organizations in managing and reducing cybersecurity risks) in their core cybersecurity functional approach, while also offering guidance specific to ransomware threats. The Framework is organized by five key functions:

  • Identify – Develop an organizational understanding to manage cybersecurity risks to systems, assets, data, and capabilities.
  • Protect – Develop and implement the appropriate safeguards to ensure delivery of services.
  • Detect – Develop and implement the appropriate activities to identify the occurrence of a cybersecurity event.
  • Respond – Develop and implement the appropriate activities to take action regarding a detected cybersecurity event.
  • Recover – Develop and implement the appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity event.

FCC Encourages Increased Security Measures

The Federal Communications Commission (FCC) unanimously approved a notice of inquiry for secure use of the internet's global routing system, the Border Gateway Protocol (BGP), in light of Russia's aggression. This inquiry will focus on vulnerabilities of the internet's global routing system and will also examine the potential impacts that these vulnerabilities can have on the transmission of data through email, e-commerce, bank transactions, interconnected Voice-over Internet Protocol, and other electronic transmission sources. Known vulnerabilities surrounding the BGP already exist, some of which Russian-connected threat actors have exploited, including the ability to manipulate the BGP to execute a distributed denial of service attack ("DDoS attack") and to reroute and steal data. The inquiry notes a range of measures that NIST, the Internet Engineering Task Force, and the FCC have recommended. Such measures, however, have not been uniformly adopted. This is an important inquiry to monitor as network operators may soon face increased security requirements, including heightened security standards known as "BGPsec," in order to mitigate critical vulnerabilities.

Senate Passes the Strengthening American Cybersecurity Act

With the growing threat of Russian cyberattacks, the Senate expedited its approval of the Strengthening American Cybersecurity Act. If enacted, the Act will impose rapid reporting deadlines for critical infrastructure operators and federal agencies. This legislation would impact companies across 16 federally designated critical infrastructure sectors, including energy and financial services. It includes the following paraphrased provisions:

  • Critical infrastructure operators and federal agencies must report cyberattacks within 72 hours and ransomware payments within 24 hours to CISA. These reporting obligations also require prompt submission of supplemental reports until the incident is fully resolved.
  • Current federal cybersecurity laws would be updated to enhance coordination between federal agencies.
  • All federal civilian agencies would be required to report any substantial cyberattacks to CISA.
  • The Federal Risk and Authorization Management Program (FedRAMP) will be given a five-year authorization to ensure federal agencies are able to adopt cloud-based technologies.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.