As Ukrainian cities face attacks from Russian forces, the country continues to suffer from an ongoing campaign of cyber threats. With full-scale invasion underway, Ukraine, along with allied forces, can expect to face more cyber attacks, likely targeted at critical infrastructure in the oil, gas and power spaces. View guidance to prepare your organisation against cyber threats, including updated recommendations from CISA.
Last week, Ukraine was hit by even more cyber attacks, with its government referencing them as the most sophisticated to date. Several Ukrainian banks and government departments were unable to access critical websites, a result of distributed denial of service (DDoS) attacks designed to knock websites offline by flooding them with requests until they crash. According to BBC News, while recovery was rapid, likely due to cyber preparedness, Ukrainian organisations remain apprehensive as new ‘wiper’ malware have been flagged on hundreds of machines throughout the country.
As of Tuesday 24 February 2022, President Biden announced new sanctions on Russia, prompting cyber officials from the Federal Bureau of Investigation (FBI) to ask US businesses and local governments to be mindful of the potential for ransomware attacks as the crisis deepens.
Next steps for industry leaders
Organisations responsible for providing oil, natural gas and electricity to the public are all potential targets for Russian-based attacks. Leaders in these industries, including CEOs and executives, are warned to prepare for an imminent attack focused on disrupting the flow of oil, gas and reliable electricity. Leaders in the oil, gas and electricity space are being called to work with both their information technology (IT) and operational technology (OT) teams to take several actions, including:
- Ensuring membership in the appropriate Information Sharing and Analysis Center (ISAC): Electricity ISAC, Downstream Natural Gas ISAC, Oil and Natural Gas ISAC.
- Practicing response procedures.
- Immediately reporting all attempted or confirmed cyber intrusions to their respective ISAC, Chief Information Security Officer (CISO), Department of Energy (DOE) or the Federal Bureau of Investigation (FBI).
- Following ‘Shields Up’ guidance from the Cybersecurity and Infrastructure Security Agency (CISA).
Recommendations from CISA: ‘Shields Up’
Russia uses cyber operations to destabilise its adversaries. Based on this background, CISA worked with critical infrastructure partners to create ‘Shields Up’ — critical guidance to protect organisations against potential cyber threats. While there are not currently any active threats against the US, CISA has urgently expressed that organisations must be mindful and take action now to be proactive instead of reactive. ‘Shields Up’ provides essential information, including how to reduce the likelihood of cyber intrusions, insights for improving cyber resilience and specific recommendations for corporate leaders and CEOs.
Using the past to prepare for the future
Over the last decade, the Russian government has consistently used cyber threats in warfare. In 2015, a non-state threat actor conducted a cyber attack that disrupted multiple power suppliers in Ukraine leaving around 230 000 people without electricity. This attack directly impacted the production of Ukraine’s Olesska shale gas deposit, a natural resource they were planning on putting into production to reduce dependency on Russia.
Then, in January 2022, Russia launched a cyber attack on dozens of government websites. Before the sites went offline a simple warning message appeared: “Be afraid and expect the worst”. Although access to most of the sites was restored within hours, some experts have implied that this was a hybrid attack operation, combining ongoing military conflicts with coordinated cyber threats from non-state actors.
With cyber attacks often comes the issue of attribution — years may pass before you know if any critical infrastructure has been hacked. To better protect your organisation against these types of cyber threats, ABS Group advise taking action sooner rather than later so you can be prepared to protect, defend, respond and recover from your next cyber-incident.
Read the article online at: https://www.worldpipelines.com/equipment-and-safety/01032022/how-to-prepare-for-cybersecurity-risks-associated-with-the-russia-ukraine-crisis/