On January 11, 2022, the U.S. Department of Homeland Security’s Cyber Security and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) issued a joint advisory, warning of an increasing cybersecurity threat posed by Russian state-backed threat actors to U.S. critical infrastructure.

The joint advisory recommends that the cybersecurity community, especially critical infrastructure network defenders, adopt a heightened state of awareness and conduct proactive threat hunting. Additionally, the joint advisory urges network defenders to implement several mitigation recommendations to improve their functional resilience and reduce the risk of compromise.

Specific controls that the joint advisory recommends include confirming reporting processes and minimizing coverage gaps by ensuring that the organization has developed specific points of contact responsible for the security of different business components. Additionally, cybersecurity leaders should work to minimize gaps in security personnel availability by identifying surge support for responding to an incident. This is because cyber threat actors have been known to commonly target organizations on weekends and holidays when there are gaps in organizational cybersecurity.

The joint advisory also recommends that organizations create, maintain, and exercise a cyber-incident response and continuity of operations plan. Routine exercises ensure that responsible security personnel are familiar with the key steps they need to take during an incident and are positioned to act in a calm and unified manner.

This most recent joint advisory from three prominent federal agencies charged with combatting cybercrime should serve as yet another reminder of the persistent threat faced by all companies, and particularly those that are responsible for servicing, maintaining, or providing critical infrastructure services. As discussed in prior posts, cybersecurity threats to critical infrastructure companies are widespread and only increasing in complexity and dangerousness. But the threat is, of course, not limited to critical infrastructure, as exemplified by numerous recent, prominent, and public attacks against various types of businesses.