"Better Late Than Never" No Longer a Cybersecurity Option: Prepare Now for the Current Threat

The United States is facing a very real cybersecurity threat. As Russia intensifies actions in Ukraine, economic sanctions are sure to follow. In response, experts expect Russia to launch cyberattacks against high-value targets in the West, including vital infrastructure. For owners and operators of critical infrastructure resources, it is important to take action to prevent serious impacts. We recommend reviewing the Cyber and Infrastructure Security Agency’s (CISA) guidelines.

CISA urges public agencies to patch all systems, particularly against known exploited vulnerabilities; employ multi-factor authentication; use antivirus software; and update internal contact lists and surge support to be able to respond to any attack. In particular, CISA advises:

1. Be prepared. Confirm reporting processes and minimize personnel gaps in IT/OT security coverage. Create, maintain, and exercise a cyber incident response plan, resilience plan and continuity of operations plan so that critical functions and operations can be kept running if technology systems are disrupted or need to be taken offline.
2. Enhance your organization’s cyber posture. Follow best practices for identity and access management, protective controls and architecture and vulnerability and configuration management.
3. Increase organizational vigilance. Stay current on reporting on this threat. Subscribe to CISA’s mailing list and feeds to receive notifications when CISA releases information about a security topic or threat.

No one knows precisely what the coming weeks and months may bring in terms of cyberattacks, but acting now may prevent disruptions or more severe impacts.

PDF