Cybersecurity and Infrastructure Security Agency Issues Guidance Amid Geopolitical Tensions

While there are not currently any specific credible threats to the U.S. homeland, CISA is mindful of the potential for the Russian government to consider escalating its destabilizing actions in ways that may impact others outside of Ukraine.

On January 11, 2022, a joint cybersecurity advisory with the FBI and NSA was published on the Russian threat to U.S. critical infrastructure, including specific tactics, techniques, and procedures associated with Russian actors and an executive-level product urging every organization to take urgent, near-term steps to reduce the likelihood and impact of a potentially damaging compromise. CISA maintains a dedicated public webpage providing an overview of the Russian government’s malicious cyber activities as well as all our advisories and products on Russian state-sponsored cyber threats, to include the recent advisory on known tactics, techniques, and procedures used by Russian state-sponsored cyber actors.

CISA’s latest guidance is available at www.cisa.gov/shields-up. This includes steps organizations can take as they implement a heightened cybersecurity posture, a list of free cybersecurity resources available to critical infrastructure partners of all sizes, and our guidance on how organizations can prepare themselves to mitigate the impact of potential foreign influence operations and mis-, dis-, and mal-information.

CISA encourage all organizations to review and take advantage of the following resources:

 Shields Up – CISA launched a new Shields Up webpage that provides actionable information on urgent steps to harden systems given the heightened threat environment.

• Cyber Hygiene Services – CISA offers several cybersecurity assessment services on our Cyber Hygiene (CyHy) Services webpage including vulnerability scanning, web application scanning, phishing campaign assessments, and remote penetration tests.
• Pro Bono Cybersecurity Services and Tools – CISA recently launched a new catalog of free cybersecurity services and tools from CISA, the open source community, and our private sector partners in the Joint Cyber Defense Collaborative. The catalog is designed to help under-resourced organizations improve their security posture.  
• Mis-, dis-, Malinformation (MDM) – CISA released a CISA Insights titled, Preparing for and Mitigating Foreign Influence Operations Targeting Critical Infrastructure, which provides critical infrastructure owners and operators with guidance on how to identify and mitigate the risks of influence operations using MDM narratives from steering public opinion and impacting National Critical Functions and critical infrastructure. 
• Multi-State Information Sharing and Analysis Center (MS-ISAC) Resources for SLTT Partners – MS-ISAC offers several cybersecurity services that SLTT entities can use to implement a heightened cybersecurity posture, including their Malicious Domain Blocking and Reporting, Endpoint Detection and Response, and Real-Time Indicator Feeds services.

Lower Threshold Reporting: During this heightened time, CISA is encouraging all partners to lower their thresholds for reporting potential cyber incidents. If you believe that your jurisdiction, or a critical infrastructure partner, has experienced a cyber intrusion, please report incidents and anomalous activity to CISA ([email protected]; 1-888-282-0870) and/or the FBI’s 24/7 CyWatch at (855) 292-3937 or [email protected], or to state partners via traditional methods.