The afternoon March 21, President Joe Biden issued a warning to the country’s businesses to “accelerate your work to improve domestic cybersecurity” given the potential that “Russia could conduct malicious cyber activity against the United States.”
The President highlights how much of the U.S. critical infrastructure is owned and operated by the private sector, which makes this warning all the more important. He urged infrastructure owners to “accelerate efforts to lock their digital doors.”
In support of this warning from the White House, the Cybersecurity and Infrastructure Security Agency (CISA) issued a “Shields Up” where the organization explains in plain-speak how the threat to the homeland is real, given the “unprecedented economic costs imposed on Russia by the U.S. and our allies and partners.” The missive continues how available intelligence indicates the Russians are exploring options to launch cyberattacks against the United States. The CISA note emphasizes, “Every organization – large and small – must be prepared to respond to disruptive cyber incidents.”
CISA guidance
Decision makers within corporations are urged by CISA to empower their Chief Information Security Officers by including them in cost and operational risk discussions. They also recommend that entities plan for the worst, even though there are currently no credible threats. Senior managers are encouraged to have in place those plans and procedures to ensure business continuity in the event of a cyber attack.
CISA goes on to provide a plethora of information to bring those responsible for safeguarding information up-to-speed, and also provides links to a catalog of free services which government partners and industry available to assist businesses.
Finally, CISA includes steps which families should be taking with respect to cyber hygiene. The recommendation is to use multifactor authentication, keep your apps and software up-to-date, think before you click, and use strong passwords.
national industrial security programs
Leaders of national industrial security programs should takes steps now, to ensure that the unclassified side of their engagement with government and industry is buttoned-down. The White House in their accompanying Fact Sheet listed a number of actions which are table stakes in the protection of data.
- Multifactor authentication
- Update security tools
- Have information security personnel verify known vulnerabilities are mitigated
- Backup data and have a cold backup (off line)
- Practice emergency processes and procedures in the event of a cyber attack
- Embrace encryption – protect your data in the event it is stolen/lost
- Cybersecurity awareness – educate employees on the strategy and tactics of social engineers, phish, and other means by which miscreants engage targeted employees
- Establish a connection with your local FBI and/or Regional CISA office – now, before a cyber attack.
###
President Biden’s Statement on the Nation’s Cybersecurity
White House Fact Sheet – Act now to protect against potential cyberattacks
CISA Shields Up – Guidance for all organizations