Reports of US and NATO talks with Russia over Russian preparations to invade Ukraine are not optimistic. (The Moscow Times' coverage is representative, as is the AP's.) Russia is concerned about NATO encroachment into what it regards as its proper security sphere of influence; NATO and the US are concerned over an expansion of Russian aggression against its neighbor. That aggression is conventionally held to have begun with the Russian annexation of Crimea in 2014.
Western powers have offered Ukraine various forms of support. The New York Times has reported that the US and UK have lent expertise to Ukraine intended to shore up that country's power grid against disabling cyberattacks of the kind Russia has mounted before. The US has also, CNN says, allocated some $200 million in security assistance for Kyiv, which has said, according to Reuters, that it's "united" with Washington against Moscow.
Both Russian and Ukrainian forces remain in a high state of readiness. Since cyber operations in wartime amount to combat support, the increased risk of kinetic war carries with it an increased risk of action in cyberspace.
Yesterday afternoon the US Cybersecurity and Infrastructure Security Agency (CISA) issued a joint warning with the FBI and NSA, "Alert (AA22-011A) Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure." CISA Director Jen Easterly tweeted this brief commendation of the advisory: "Russian state-sponsored malicious cyber activity is a continuing threat to our critical infrastructure—why we’re working closely w/public & private sector partners to reinforce the importance of vigilance against these threats; read our latest advisory." NSA Cybersecurity Director Rob Joyce also stressed vigilance in a tweet of his own: "Logging is key! With Russian focus on persistent access to compromised networks, you need robust logs and focused effort to hunt, find, and kick them out."
The Alert doesn't call out the threat of Russian military operations against Ukraine as the proximate cause of the warning, but its timing seems hardly coincidental. "This CSA provides an overview of Russian state-sponsored cyber operations; commonly observed tactics, techniques, and procedures (TTPs); detection actions; incident response guidance; and mitigations," the Summary says. "This overview is intended to help the cybersecurity community reduce the risk presented by these threats."
The Alert is directed toward critical infrastructure providers, but its recommendations have broad applicability to any organization that faces a risk of cyberattack. At a high level, those recommendations are summarized as follows:
- "Patch all systems. Prioritize patching known exploited vulnerabilities."
- "Implement multi-factor authentication."
- "Use antivirus software."
- "Develop internal contact lists and surge support."
CISA and its partners have provided, at the very least, a detailed overview of past Russian cyberattacks (and there's no ambiguity in the Alert's attributions) as well as advice on the tactics, techniques, and procedures organizations can use to help secure themselves. Those responsible for cybersecurity, anywhere, and in any kind of organization, should give this Alert close attention.
Bloomberg reports that the EU's member states are holding a series of cyber "stress tests" this week designed to check Europe's resilience to attacks on supply chains, and to give those states the ability to redress any shortfalls they discover. "The exercise will be structured around a gradual escalation toward a major crisis that culminates in an attack that could qualify as an armed aggression under the United Nations Charter, according to one of the documents. In order to be as realistic as possible and better prepare the bloc for a real-world attack, it will be modeled on incidents that have taken place or could occur in the near future," Bloomberg writes. The exercises were proposed by France.
More of the CyberWire's coverage of Russo-Ukrainian tension can be found here.