The FBI, CISA, and NSA today jointly warned critical infrastructure organizations to adopt a heightened state of awareness and to conduct proactive threat hunting in order to block potential Russian state-sponsored cyber threats.
There is good guidance here from the agencies (CISA, NSA, FBI) though it’s tempting to look at it as motherhood-and-apple-pie: the vast majority of owners and operators of critical infrastructure are well aware of the threats, and are also cognizant of many of the fundamental steps toward hardening their assets against these threats. Many in the critical infrastructure community take an “assume breach” posture already, based on what we know about the capabilities of these actors. Procedures and tools to improve asset visibility and vulnerability management, identity and access management, log management, ingress and egress filtering, anomaly detection, and behavioral analytics are all recognized as fundamental necessities, and it’s safe to say are being actively improved, to a greater or lesser extent, in the majority of installations.
So why did CISA et al. issue the advisory? In part, because if they weren’t on record doing so and a compromise were confirmed, it would have been a glaring gap. It also gives owners and operators facing resource constraints more support in their requests, and it’s important not to underestimate how important that can be.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides expert comments, analysis and opinion on the latest Information Security news and topics.