The U.S. government’s Cybersecurity & Infrastructure Agency (CISA) continues to urge business owners to implement immediate cybersecurity measures to protect against potential threats after malicious cyber incidents in Ukraine which recently knocked out government websites. This comes on the cuffs of Russian cyber threats to U.S. critical infrastructures after a joint release from CISA, the Federal Bureau of Investigation (FBI) and the National Security Agency (NSA).
The cybersecurity advisory urges the cybersecurity community, especially critical infrastructure network defenders, to be on alert for malicious cyber activity. Organizations are strongly advised to take immediate action based on the following checklist, regardless of size or sector to:
- Reduce the likelihood of a damaging cyber intrusion
- Detect a potential intrusion
- Ensure the organization is prepared to respond if an intrusion occurs, and
- Maximize the organization’s resilience to a destructive cyber incident
According to the U.S. Office of the Director of National Intelligence 2021 Annual Threat Assessment, “Russia continues to target critical infrastructure, including underwater cables and industrial control systems, in the United States and in allied and partner countries, as compromising such infrastructure improves—and in some cases can demonstrate—its ability to damage infrastructure during a crisis.”
The Assessment states that “Russia almost certainly considers cyber attacks an acceptable option to deter adversaries, control escalation, and prosecute conflicts.”
What is Considered a Critical Infrastructure?
CISA lists 16 different industries as critical infrastructure sectors including energy, food and agriculture, water, communications, manufacturing, financial services, healthcare and information technology to name a few. These sectors are so vital that ongoing threats prompted the White House to implement federal cybersecurity guidelines in 2021 – many with compliance deadlines attached.
While last year saw high-profile breaches like Solar Winds, Colonial Pipeline and JBS Foods, Stinnett experts believe 2022 will be the year of cybersecurity compliance. Now is the time to be vigilant in plugging potential gaps in systems to protect your organization’s infrastructure from ongoing threats.
Are you interested in evaluating your current security strategies? Our data privacy and cybersecurity team perform assessments of critical infrastructure operations technology and industrial controls systems. We’re ready to help.
Stinnett & Associates is not a CPA firm.