Joint FBI/CISA/NSA Warning On Russian Threats To Critical Infrastructure

The FBI, CISA, and NSA today jointly warned critical infrastructure organizations to adopt a heightened state of awareness and to conduct proactive threat hunting in order to block potential Russian state-sponsored cyber threats.

Experts Comments

January 12, 2022
Tim Helming
Security Advocate
DomainTools

There is good guidance here from the agencies (CISA, NSA, FBI) though it’s tempting to look at it as motherhood-and-apple-pie: the vast majority of owners and operators of critical infrastructure are well aware of the threats, and are also cognizant of many of the fundamental steps toward hardening their assets against these threats. Many in the critical infrastructure community take an “assume breach” posture already, based on what we know about the capabilities of these actors.

.....Read More

There is good guidance here from the agencies (CISA, NSA, FBI) though it’s tempting to look at it as motherhood-and-apple-pie: the vast majority of owners and operators of critical infrastructure are well aware of the threats, and are also cognizant of many of the fundamental steps toward hardening their assets against these threats. Many in the critical infrastructure community take an “assume breach” posture already, based on what we know about the capabilities of these actors. Procedures and tools to improve asset visibility and vulnerability management, identity and access management, log management, ingress and egress filtering, anomaly detection, and behavioral analytics are all recognized as fundamental necessities, and it’s safe to say are being actively improved, to a greater or lesser extent, in the majority of installations.

So why did CISA et al issue the advisory? In part, because if they weren’t on record doing so and a compromise were confirmed, it would have been a glaring gap. It also gives owners and operators facing resource constraints more support in their requests, and it’s important not to underestimate how important that can be.

  Read Less

Submit Your Expert Comments

What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.

Write Your Expert Comments *
Your Registered Email *
Notification Email (If different from your registered email)
* By using this form you agree with the storage and handling of your data by this web site.