What is happening
On Wednesday, February 23rd, 2022, Russian troops outside of Ukraine began crossing Ukraine's borders. Despite all the warnings and threats of sanctions from NATO nations, Russia continued to invade Ukrainian territory. Since then, Russian troops have taken control of Chernobyl, and there have been bombings and clashes in Ukraine’s capital city of Kyiv.
The European Union joins NATO countries in implementing sanctions against Russia.
Ukraine's president, Zelensky, warned that “sabotage groups have entered Kyiv,” and has urged residents to be vigilant and observe curfew rules. There are several reports of fighting and an explosion in the city.
Chinese media stated that Putin and President Xi Jinping spoke today, agreeing to open negotiations to end the hostile environment.
How Does It Affect You?
The issues in Ukraine may seem far away; however, the turmoil can still affect us here in the United States. The biggest way is in terms of cybersecurity. Today, Vladimir Putin has already warned his citizens of a potential cyber-attack on Russian critical infrastructure, which means that hackers could potentially affect computers that control water, gas pumps, and electricity. This also means there is the potential for retaliation.
In 1945, the first atomic bomb was dropped on Hiroshima. People have since not wanted to use that as a means of attacking because of the fear and devastation it could cause. Likewise, we haven’t had too many cyberattacks on critical infrastructure because of the fear of what kind of damage and devastation they could cause. While United States infrastructure security is getting better, we still have Programmable Logic Controllers (PLCs) in Critical Infrastructure Systems (CIS) that are over 30 years old and connected to the internet. This means that with the right malicious software and some knowledge of PLCs, an attacker could potentially bring down systems that control water, electricity, and gas pumps. That is the worst-case scenario, but it’s something to keep in mind as the Russia/Ukraine situation continues to escalate.
In support of Ukraine, the hacker group Anonymous claimed to be waging cyberwar on Russia. This could potentially have a negative effect on United States private and public organizations and cybersecurity teams. The Cybersecurity & Infrastructure Security Agency (CISA) has warned Americans about the potential for cyber war: “While there are no specific or credible cyber threats to the U.S. homeland at this time, we are mindful of the potential for Russia’s destabilizing actions to impact organizations both within and beyond the region, particularly in the wake of sanctions imposed by the United States and our Allies. Every organization—large and small—must be prepared to respond to disruptive cyber activity.”
How to Prepare
Reduce the likelihood of a damaging cyber intrusion
- Validate that all remote access to the organization’s network and privileged or administrative access requires multi-factor authentication.
- Ensure that software is up to date, prioritizing updates that address known exploited vulnerabilities identified by CISA.
- Confirm that the organization’s IT personnel have disabled all ports and protocols that are not essential for business purposes.
- If the organization is using cloud services, ensure that IT personnel have reviewed and implemented strong controls outlined in CISA’s guidance.
- Sign up for CISA’s free cyber hygiene services, including vulnerability scanning, to help reduce exposure to threats.
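An added example, not part of the original article or of CISA's guidance: one way to act on the "known exploited vulnerabilities" item above is to rank a patch backlog against CISA's Known Exploited Vulnerabilities (KEV) catalog. The field names cveID and dueDate follow the catalog's JSON feed; the CVE IDs, hosts, update names and dates are constructed placeholders.

```python
from datetime import date

# Constructed sample shaped like CISA's KEV catalog JSON feed.
# The CVE IDs, vendors and dates are placeholders, not real entries.
KEV_SAMPLE = {"vulnerabilities": [
    {"cveID": "CVE-0000-0001", "vendorProject": "ExampleVendor",
     "product": "VPN Gateway", "dueDate": "2022-03-10"},
    {"cveID": "CVE-0000-0002", "vendorProject": "ExampleVendor",
     "product": "Mail Server", "dueDate": "2022-03-03"},
]}

# Constructed patch backlog: hypothetical hosts and the CVEs each update fixes.
BACKLOG = [
    {"host": "web02", "update": "cms 4.2.1", "cves": ["CVE-0000-0007"]},
    {"host": "vpn01", "update": "gateway-fw 9.1.4",
     "cves": ["CVE-0000-0009", "CVE-0000-0001"]},
    {"host": "hmi03", "update": "panel-os 1.3", "cves": []},
    {"host": "mail01", "update": "mailsrv 2.8", "cves": ["CVE-0000-0002"]},
]


def prioritize(backlog, kev, today):
    """Order pending updates: KEV-listed first, earliest due date at the top."""
    due = {v["cveID"]: date.fromisoformat(v["dueDate"])
           for v in kev["vulnerabilities"]}
    ranked = []
    for item in backlog:
        hits = sorted(c for c in item["cves"] if c in due)
        earliest = min((due[c] for c in hits), default=None)
        ranked.append({**item, "kev_cves": hits, "kev_due": earliest,
                       "overdue": earliest is not None and earliest < today})
    # Stable sort: non-KEV updates keep their original relative order.
    ranked.sort(key=lambda r: (r["kev_due"] is None, r["kev_due"] or date.max))
    return ranked


if __name__ == "__main__":
    for r in prioritize(BACKLOG, KEV_SAMPLE, today=date(2022, 3, 5)):
        flag = "OVERDUE" if r["overdue"] else ("KEV" if r["kev_cves"] else "-")
        print(f'{r["host"]:7} {r["update"]:18} {flag:8} {r["kev_due"] or ""}')
```

In practice the KEV data would be loaded from a saved copy of the catalog and the backlog exported from the organization's own patch-management or scanning tool.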
Take steps to quickly detect a potential intrusion
- Ensure that cybersecurity/IT personnel are focused on identifying and quickly assessing any unexpected or unusual network behavior. Enable logging in order to better investigate issues or events.
- Confirm that the organization’s entire network is protected by antivirus/antimalware software and that signatures in these tools are updated.
- If working with Ukrainian organizations, take extra care to monitor, inspect, and isolate traffic from those organizations; closely review access controls for that traffic.
Ensure that the organization is prepared to respond if an intrusion occurs
- Designate a crisis-response team with main points of contact for a suspected cybersecurity incident and roles/responsibilities within the organization, including technology, communications, legal and business continuity.
- Assure availability of key personnel; identify means to provide surge support for responding to an incident.
- Conduct a tabletop exercise to ensure that all participants understand their roles during an incident.
Maximize the organization’s resilience to a destructive cyber incident
- Test backup procedures to ensure that critical data can be rapidly restored if the organization is impacted by ransomware or a destructive cyberattack; ensure that backups are isolated from network connections.
- If using industrial control systems or operational technology, conduct a test of manual controls to ensure that critical functions remain operable if the organization’s network is unavailable or untrusted.
What can cyber war mean for the majority of citizens caught in the crossfire? Time will tell. In the meantime, keep your computers, phones, smart devices, and technology updated with the latest patches to fix security vulnerabilities.