On Monday, citing evolving intelligence, President Biden warned of an increased potential for cyberattacks on critical infrastructure in the United States, and his administration renewed its calls for all organizations to bolster their cyber defenses in this Statement from the President.
We have seen similar warnings before. It’s easy to get jaded or to let down our guard because we have not seen the cyber meltdown that was predicted to coincide with the onset of a kinetic conflict involving top-tier military powers. But according to Anne Neuberger, the White House’s Deputy National Security Adviser for Cyber and Emerging Technology, this warning is “based on evolving threat intelligence, that the Russian government is exploring options for potential cyberattacks on critical infrastructure in the United States.”
The advice given seems somewhat old-hat—use multi-factor authentication (MFA), log your systems, look at the logs, use encryption, develop emergency contingency plans, test your plans, and patch!
And yet, we are seeing these words and this advice come directly from the President of the United States. This signals two things:
People around the world are watching the conflict and wondering, “what can I do to help?” and the President’s Statement gives an answer. It’s not asking anyone to grow victory gardens or collect tin scraps for military hardware. It’s guiding everyone to take basic steps to ensure their computers and network-connected systems are not the next vector of attack in this expanding war. And based upon this imminent threat, the time to act is now!
Matt Olney of Cisco Talos Intelligence Group posted this series of Tweets on January 24th that will give you some insight into the motivations of the threat advisory. Matt and his team have been fully engaged in Ukraine for a long time, as he details in his blog, “Cisco stands on guard with our customers in Ukraine.”
To help you as you shore up your cyber defenses, Bruce Brody originally posted this blog, “Left of Boom” Cybersecurity: Proactive Cybersecurity in a Time of Increasing Threats and Attacks, on October 18, 2021. Left of Boom refers to actions you can take to protect your organization before a cyber incident. It includes the following advice:
Bruce also highlights several frameworks that offer great guidance for making your cyber decisions. They include the NIST Cybersecurity Framework (CSF), MITRE ATT&CK and MITRE D3FEND, ISO 27001, and the Center for Internet Security (CIS) 20 Critical Controls.
Bruce concludes his “Left of Boom” guidance by defining “Right of Boom” as the things you will do to recover after an event and how important it is to be prepared with Disaster Recovery Planning (DRP), Business Continuity Planning (BCP), and Continuity of Operations Planning (COOP).
I hope you will find these resources useful as you respond to this call for action from the President.