Federal Agencies Issue Joint Cybersecurity Advisory

On January 11, 2022, the National Security Agency (“NSA”), the Cybersecurity and Infrastructure Security Agency (“CISA”), and the Federal Bureau of Investigation (“FBI”) issued a Joint Cybersecurity Advisory (“CSA”) to assist the cybersecurity community in understanding and mitigating Russian state-sponsored cyber threats to critical U.S. infrastructure. The CSA advises the cybersecurity community, particularly critical infrastructure network defenders, to “adopt a heightened state of awareness and to conduct proactive threat hunting.” In order to reduce the “risk of compromise or severe business degradation,” the CSA recommends organizations take the following actions:

  • Be prepared. To be prepared in the event of a cyber-attack, organizations should:

    • Confirm reporting processes and minimize coverage gaps; and

    • Create, maintain, and exercise a cyber incident response plan, resilience plan, and continuity of operations plan.

  • Enhance your organization’s cyber posture. Organizations should adopt policies and procedures designed to enhance:

    • Identity and access management;

    • Protective controls and architecture; and

    • Vulnerability and configuration management.

  • Maintain persistent detection efforts. In order to detect cyber threats, organizations should:

    • Implement robust log collection and retention; and

    • Look for behavioral evidence or network and host-based artifacts.

  • Develop incident response protocols. In the event of a cyber-attack, organizations should:

    • Immediately isolate affected systems;

    • Secure backups;

    • Collect and review relevant logs, data, and artifacts;

    • Consider soliciting support from a third-party IT organization to provide subject matter expertise, ensure the actor is eradicated from the network, and avoid residual issues that could enable follow-on exploitation; and

    • Report incidents to CISA and/or the FBI.

  • Increase organizational vigilance. To stay informed, organizations should:

    • Regularly review reporting on Russian state-sponsored malicious cyber activity; and

    • Consider signing up for CISA notifications.

Although this CSA is directed at the “cybersecurity community,” all organizations would be well served by reviewing these recommendations and considering how they can improve their current policies and procedures to better protect against cyber threats. This is especially true in the wake of recent global events, in which academics are warning of the increased risk of “cyber-attacks on Ukrainian and western energy, finance, and communications infrastructure.”
