This week the Department of Homeland Security (DHS) Cybersecurity and Infrastructure Agency (CISA) issued a “SHIELDS UP” advisory. While it does not identify specific threats in the advisory, CISA states that the “Russian government understands that disabling or destroying critical infrastructure – including power and communications – can augment pressure on a country’s government, military and population and accelerate their acceding to Russian objectives.” Given the situation in Ukraine, there is concern about an escalation of cyber threats even here in the US.
Steps identified in the advisory are those that many in the defense industrial base (DIB) are already aware of or implementing. No matter whether you engage in government contracting or focus on commercial activities, your IT systems may be at risk, so forewarned is forearmed. Here are some of the key steps identified in the advisory to help reduce damage from a cyber intrusion:
Validate that all remote access to the organization’s network and privileged or administrative access requires multi-factor authentication.
Ensure that software is up to date, prioritizing updates that address known exploited vulnerabilities identified by CISA.
Confirm that the organization’s IT personnel have disabled all ports and protocols that are not essential for business purposes.
If the organization is using cloud services, ensure that IT personnel have reviewed and implemented strong controls outlined in CISA’s guidance.
Sign up for CISA’s free cyber hygiene services, including vulnerability scanning, to help reduce exposure to threats
Do you have a crisis-response plan and team? If not, now is a good time to put one in place. Know what you have to do in the event of an incident and who has to do it. In addition to addressing the problem in real time, you will need to investigate, collect and preserve information for follow up reporting and remediation. Timely reporting of cyber incidents involves more than just putting in a call. Defense contractors are required to have a designated person with authority to operate the Department of Defense (DoD) Cyber Crime Center (DC3) portal to report cyber incidents. But there may be other places to report to as well. CISA and/or the Federal Bureau of Investigation (FBI) are also looking out for reports of incidents or unusual activities.
DoD DIB Collaborative Information Sharing Environment (DCISE) – https://dibnet.dod.mil ; DCISE@us.af.mil ; (hotline) (410) 981-0104/ (toll free) (877) 838-2174
CISA – https://www.cisa.gov/uscert/report
FBI (local field office) – https://www.fbi.gov/contact-us/field-offices
FBI (24/7 CyWatch) –CyWatch@fbi.gov ; (855) 292-3937
Even cyber intrusions that appear benign may result in infiltration of your networks, exfiltration of data, or more. Be alert to unexpected or unusual emails or network behavior, and ensure your antivirus and anti-malware are engaged to protect your networks. In the event you identify a potential cyber intrusion, act quickly to identify and address these threats.
Cyber incidents may trigger requirements beyond reporting on the incident to the government. If you have an actual or suspected cyber incident, consult with your counsel to assess and address these and other requirements. Contact the author or your Stinson counsel if you have questions about this advisory.