On March 21, 2022, the White House issued a dramatic warning based on “evolving intelligence” about the potential for Russia to threaten America with cyber attacks in response to U.S.-imposed economic sanctions. In a separate statement, President Biden said that “the Russian Government is exploring options for potential cyberattacks.” He urged the private sector, especially those that operate critical infrastructure, to “harden your cyber defenses immediately by implementing the best practices we have developed together over the last year.” According to Anne Neuberger, the Deputy National Security Advisor for Cyber and Emerging Technology, Russia has been conducting “preparatory activities”, which she said could include scanning of websites and hunting for software vulnerabilities.
In addition to CISA’s Shields-Up campaign, which we covered in a previous blog post, the White House’s March 21 Fact Sheet stresses the urgency of key cyber hygiene steps including recommendations to:
- Mandate multi-factor authentication.
- Deploy modern security tools to look for and mitigate threats.
- Verify cybersecurity professionals have patched and protected against known vulnerabilities.
- Ensure backups are offline, secure, and up to date.
- Run drills and exercises and review emergency plans so that you are able to respond quickly and minimize impacts.
- Encrypt data.
- Educate the workforce on common attack mechanisms over email and websites.
- Encourage the workforce and vendors to report suspected events immediately.
- Engage proactively with the local FBI field Office or CISA regional office to establish relationships. Distribute regional and local contact information to key persons and groups. Distribute the Internet Crime Complaint Center information to key persons and groups.
The White House notes that long term security requires that privacy and security are built into products, that products are developed on secure systems, that developers know and document the provenance or origin of components being used, and that all companies monitor for published information about vulnerabilities.
The White House notes that the administration is committed to doing “everything in our power to defend the Nation and respond to cyberattacks,” but extols companies to take urgent action, stating that “the reality is that much of the Nation’s critical infrastructure is owned and operated by the private sector and the private sector must act to protect the critical services on which all Americans rely.”
The Fact Sheet is available at: FACT SHEET: Act Now to Protect Against Potential Cyberattacks | The White House
Additional resources and information are available from the CISA Shields-Up campaign.
FBI cybersecurity contacts are available here
CISA information about international threats can be found here
Prior Sidley Post on Intelligence Agency Warnings on Russian Cyber Threats: Data Matters Privacy Blog U.S. and Foreign Cybersecurity and Intelligence Agencies Recommend Measures to Counteract Threat of Russian Cyberattacks – Data Matters Privacy Blog (sidley.com)