Active Defense & Deception , Business Continuity Management / Disaster Recovery , Critical Infrastructure Security
Ukrainian IT Official: Russian Cyberattacks Have Continued
NATO Pledges More Cyber Support to Ukraine; Biden Writes to US GovernorsAnother week into the Russia-Ukraine conflict, Ukrainian IT officials continue to call out alleged Russian cyberattacks. This comes as hacktivists have taken matters into their own hands in the digital underground, striking Russian media agencies, government ministries and more.
See Also: Gartner Guide for Digital Forensics and Incident Response
According to a new report from The Washington Post, Victor Zhora, the now-well-known IT official from Ukraine, told journalists this week that Russia has not ceased its cyber onslaught.
Zhora, who serves as deputy chairman of the State Service of Special Communications and Information Protection for Ukraine, said Russian hackers are targeting European charities working with Ukrainian refugees. Some 3.5 million people have now fled the war-torn country, according to the United Nations. This entails the fastest refugee movement since World War II.
According to a similar report from Reuters, the IT official said: "We suppose that this is another proof of the spread of cyberwar to NATO countries."
Zhora also reportedly said the Ukrainian government does not currently "have facts" suggesting that Chinese hackers have aligned with Russia to snoop on Ukrainians or the Ukrainian military.
The Ukrainian government has received "all the cyber defensive assistance it's requested from the U.S. and other countries," Zhora said, according to The Post.
He also reportedly reiterated that Ukraine does not conduct offensive cyber strikes as a policy, although the country's volunteer "IT Army" has indeed leveled offensive campaigns, he said.
NATO Pledges Additional Aid
In a joint statement issued by NATO heads of state following an emergency summit held on Thursday, world leaders indicate that they will boost defenses in Europe as Russia continues its military campaign.
"We have met today to address Russia's aggression against Ukraine, the gravest threat to Euro-Atlantic security in decades. Russia's war against Ukraine has shattered peace in Europe and is causing enormous human suffering and destruction."
The leaders call on Russia to immediately suspend military operations and on Belarus "to end its complicity." They also call Russian President Vladimir Putin's "escalatory rhetoric" both "irresponsible and destabilizing."
The leaders add: "We will continue to counter Russia's lies about its attack on Ukraine and expose fabricated narratives or manufactured 'false flag' operations to prepare the ground for further escalation, including against the civilian population of Ukraine."
Disinformation has been a staple of Russia's arsenal for years - particularly so after it allegedly meddled in U.S. federal elections through various cycles.
The heads of state also point to "extensive support" provided to Ukraine since 2014, particularly the training of its armed forces, strengthening their military capabilities and enhancing their resilience - including on the cybersecurity side.
"NATO allies have stepped up their support and will continue to provide further political and practical support to Ukraine," the statement says, adding that the areas to receive additional assistance include cybersecurity.
The statement continues: "We call on all states, including the People's Republic of China, to uphold the international order including the principles of sovereignty and territorial integrity, as enshrined in the U.N. Charter, to abstain from supporting Russia's war effort in any way, and to refrain from any action that helps Russia circumvent sanctions."
The leaders say their commitment to NATO's Article 5 treaty - a foundational agreement for members of the intergovernmental military alliance to protect sovereign borders - is "iron-clad."
In addition to NATO Response Force mobilization, the heads of state say they are "increasing the resilience of our societies and our infrastructure to counter Russia's malign influence. We are enhancing our cyber capabilities and defenses, providing support to each other in the event of cyberattacks. We are ready to impose costs on those who harm us in cyberspace, and are increasing information exchange and situational awareness, enhancing civil preparedness, and strengthening our ability to respond to disinformation."
Biden Addresses US Governors
According to correspondence obtained by the government publication Politico, Biden has addressed U.S. governors directly in an effort to enhance state-level cyber preparedness.
The warning follows messaging this week that the administration has detected Russian "preparatory activity" in potentially targeting U.S. infrastructure in cyberspace.
And in a bulletin obtained by CBS News this week, the FBI warns that Russian IP addresses were tracked scanning the networks of at least five U.S. energy firms, plus about a dozen other critical infrastructure firms (see: Reports: Russian IPs Scanning US Energy Firms, Others).
In a letter addressed to California Gov. Gavin Newsom, dated March 18, Biden states: "I warned President Putin directly that if Russia attacks the U.S., we will respond, and we must prepare for any contingency, including cyberattacks on our homeland. … My administration has made cybersecurity and resilience a priority, and we have made great progress over the past year. … Cybersecurity, however, is a shared responsibility, and we still have a long way to go."
He says that much of the nation's critical infrastructure remains privately owned and overseen at the state or local levels. "Thus, there are things that only you as governor can do to secure your state's computer systems, your critical infrastructure, your citizens, and through those efforts, our nation."
In the letter, the president urges governors to convene their leadership teams to discuss the security posture of their critical infrastructure, to consider enforcing cyber baseline standards and emergency cyber measures and to determine whether state CISOs have adequately put teams on high alert. He also urges state executives to consider incident response and to "take urgent action to exercise the authority you and your team have to prepare your critical infrastructure to withstand a cyberattack."
The president, in the letter, directs state teams to various resources from the Cybersecurity and Infrastructure Security Agency, FBI field offices and other resources, to ensure open lines of communication and informs executives about federal funding available through the American Rescue Plan and the Bipartisan Infrastructure Law that may be used for cybersecurity - including the modernization of hardware and software.
"I want to close by thanking you for your leadership on this important issue," Biden says. "Cybersecurity is not an easy challenge, but together we can take the steps that will protect our critical infrastructure and our citizens."
'Too Real to Ignore'
Some cybersecurity experts say they have seen U.S. organizations heed the government's "Shields Up" advice.
"We are seeing organizations step up their cybersecurity readiness by adding staff and external resources and updating their response plans," says John Dickson, a former U.S. Air Force officer who served in the Air Force Information Warfare Center. "From a technical perspective, they have increased monitoring, turned off certain services and are largely preparing for what might come."
Dickson, currently the vice president of the advisory firm Coalfire, adds: "The repeated warnings from President Biden, DHS and CISA have been frequent and serious and have the attention of everyone. These warnings, with the backdrop of the war in Ukraine, are simply too real for any organization to ignore."