- February 25, 2022
- Tag: Federal
The ongoing geopolitical tension between Russia and Ukraine has far-reaching implications for global trade, commerce, and peacetime efforts. In addition, the economic impact of sanctions imposed by U.S. President Joe Biden—such as increasing gas prices, semiconductor shortages, inflation, unstable stock markets, and more—can worsen many long-standing issues.
Considering the heightened tension and its potential impacts, the Cybersecurity and Infrastructure Security Agency (CISA) issued alerts to all U.S. companies, warning of potential Russian-sponsored cyber threats against critical infrastructures via the use of destructive malware deployment. In this article, we shall explore dissect recent CISA alerts and how the Russian-Ukrainian geopolitical tension can affect cyberspace and other U.S. critical sectors, such as financial services.
Why Does Geopolitical Tension Bleed into Cyberspace?
The Russian government’s use of offensive cyber operations to target military and non-military assets to achieve its strategic objectives has remained a consistent threat since the cold war. The Putin-led government views cyberspace as a powerful platform for asserting global influence and dominance. Therefore, employing cyberweapons during geopolitical conflicts has become a military tool for warfare. For instance, targeting the critical infrastructure of the Ukrainian government and its allies before launching military assaults allows Russia to collect strategic information and prepare for disruptive cyber operations.
Moreover, by disrupting Ukraine’s infrastructures, such as oil and gas supply, water supply, etc., Russia inevitably causes widespread panic that demoralizes the Ukrainian citizens. Nations use cyberspace as a defensive and offensive strategic platform during geopolitical tension. Influencing cyberspace allows nation-states to gain a foothold within established critical industries, exploit information platforms, and destabilize computing processes. Time and again, the nation-state–sponsored cyber actors have compromised crucial national infrastructure sectors, including telecommunications, power, and utilities.
Moreover, investigations have revealed that Russian actors target more small and more vulnerable organizations within these verticals using publicly available penetration testing tools and malware.
What Are the Associated Cyber Threats?
State-sponsored attacks are carried out primarily for information, extortion, or exploiting the vulnerabilities in a nation’s critical infrastructure. The motive is principally political and financial. State-sponsored attacks use standard generic methodologies as they are practical and do not immediately implicate any particular group.
Below are some threats that state-sponsored cyber-attacks pose:
- Surveillance: a man-in-the-middle attack vector is suited for intelligence gathering operations. In addition, state-sponsored actors use surveillance tactics to develop mis-mal-information campaigns capable of crumbling entire governments.
- Espionage: Stealing ideas or state-of-the-art technology for economic gain.
- Disruption to critical infrastructure: Attacking essential infrastructure systems thus, causes significant confusion and chaos.
- Destruction: Overwhelming the system to hurt economic output or controlling it remotely to cause damage and destruction.
How to Respond to Cyber Threats from State-sponsored Attackers
Several CISA issuances aim to help organizations understand, mitigate, and protect against potential threats. Organizations should review these controls, immediately create backups to protect from ransomware attacks, and update the incident response plan. Moreover, security professionals should validate remote access to an organization’s network infrastructure and implement multi-factor authentication controls.
All software must be up-to-date, and unessential ports and protocols must be disabled. CISA also issues a guideline for companies working with Ukrainian organizations to monitor, inspect, and isolate traffic. In addition, organizations must reassess essential services and the potential impacts of an extended disruption.
Here are some additional considerations:
- Identify the minimum state of operations required to maintain essential services.
- Make alternate arrangements in the event of payment system disruptions.
- Identify how you will access essential bookkeeping records to service your customers and maintain operations.
- Review and analyze the best way to address the potential for an extended outage of power, telecommunications, and financial market infrastructures.
- Discuss with senior management and board how to address the potential of an extended outage of access to data and functionality from the core processor and other technology service providers.
Given the rising geopolitical tension between Russia and Ukraine, the US government has warned its citizens of impending cyberattacks from Russia. Therefore, organizations must brace themselves and create incident response plans while the geopolitical tensions escalate. In addition, organizations should recognize the risk of Russia’s attempt to destabilize its opponents. Therefore, the best way to approach the looming threat of state-sponsored cyberattacks is to implement the CISA-recommended practices as soon as possible and strengthen cybersecurity posture.