U.S. Cybersecurity Officials Issue New Warning Regarding Threats to Critical Infrastructure

Faegre Drinker Biddle & Reath LLP
Contact

Faegre Drinker Biddle & Reath LLP

On January 11, 2022, the U.S. Department of Homeland Security’s Cyber Security and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) issued a joint advisory, warning of an increasing cybersecurity threat posed by Russian state-backed threat actors to U.S. critical infrastructure.

The joint advisory recommends that the cybersecurity community, especially critical infrastructure network defenders, adopt a heightened state of awareness and conduct proactive threat hunting. Additionally, the joint advisory urges network defenders to implement several mitigation recommendations to improve their functional resilience and reduce the risk of compromise.

Specific controls that the joint advisory recommends include confirming reporting processes and minimizing coverage gaps by ensuring that the organization has developed specific points of contact responsible for the security of different business components. Additionally, cybersecurity leaders should work to minimize gaps in security personnel availability by identifying surge support for responding to an incident. This is because cyber threat actors have been known to commonly target organizations on weekends and holidays when there are gaps in organizational cybersecurity.

The joint advisory also recommends that organizations create, maintain, and exercise a cyber-incident response and continuity of operations plan. Routine exercises ensure that responsible security personnel are familiar with the key steps they need to take during an incident and are positioned to act in a calm and unified manner.

This most recent joint advisory from three prominent federal agencies charged with combatting cybercrime should serve as yet another reminder of the persistent threat faced by all companies, and particularly those that are responsible for servicing, maintaining, or providing critical infrastructure services. As discussed in prior posts, cybersecurity threats to critical infrastructure companies are widespread and only increasing in complexity and dangerousness. But the threat is, of course, not limited to critical infrastructure, as exemplified by numerous recent, prominent, and public attacks against various types of businesses.

Written by:

Faegre Drinker Biddle & Reath LLP
Contact
more
less

Faegre Drinker Biddle & Reath LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.