LANSING – Warnings are pouring in from all over the world about the domestic impacts on the U.S. and U.K. of a potential Russian attack on Ukraine. Assuming the U.S. imposes sanctions or takes other retaliatory measures against Russia should an invasion occur, experts say that cyber attacks could be launched against U.S. and U.K. businesses and even government agencies.

Dan Lohrmann
Regardless of whether you believe Russia will attack Ukraine over the next few months, it is important for all enterprises to prepare for this scenario. Other related cyber attack scenarios include a Chinese invasion of Taiwan.
Dan Lohrmann will join fellow cybersecurity expert Richard Stiennon on MITech TV Feb. 14 at 2:30 pm. You can watch live at MITech TV.
Scenario planning for cyber attacks is the norm for smart public- and private-sector enterprises, and this type of situation is often viewed by some as a worst-case scenario, hence the reluctance to discuss it openly in the media. Nevertheless, in my opinion, it is an important topic for state and local governments to consider given the current situation with Russia and Ukraine.
This article from James Lewis at the Center for Strategic and International Studies (CSIS) earlier this month provides some good background and context on “Russia and the Threat of Massive Cyberattack.”
In addition, the Cybersecurity and Infrastructure Security Agency (CISA) released this important alert in January, and I published this blog on the topic last month, saying to pay attention.
Some global experts are predicting a significant cyber attack against U.S. and U.K. critical infrastructure if Russia invades Ukraine. Whether it happens or not, is your organization prepared for this scenario?
The Multi-State Information Sharing and Analysis Center (MS-ISAC) released two papers called “From Russia … With Love?,” a two-part series on the history of Russian involvement with cyber crime. Part 1 highlights the history of Russian governmental influence in cyber crime up to the present day. Part 2 details the global implications of the Russian government’s influence in cyber crime, including the impact on the state and local government community and recommendations for mounting an effective cyber defense.
I urge all state and local governments to be on the lookout for additional alerts and updates from the MS-ISAC. Other ISACs, such as the Research and Education Networks Information Sharing and Analysis Center (REN-ISAC), will also have timely, actionable updates to this situation.
This report from CyberWire offers a CISA update that includes 18 new industrial control system advisories that were just released this week. Also from the report: “CISA also added fifteen new entries to its Known Vulnerabilities Catalog. All US Federal Civilian Executive Branch Agencies (FCEB Agencies) are required to remediate each vulnerability by a specified date. Agencies have until August 10th of this year to address fourteen of them, but one, CVE-2021-36934, a Microsoft Windows SAM Local Privilege Escalation Vulnerability, requires more urgency, and must be mitigated by February 24th.”
Although a bit dated, the National Institute of Standards and Technology (NIST) offers this good material to review from an RSA Conference as you think through what is called “Extreme Cyber Scenario Planning and Fault Tree Analysis.”
NIST Special Publication 800-184 offers a Guide for Cybersecurity Event Recovery, and I urge readers to visit the wider NIST Computer Security Resource Center, which has many other helpful planning documents.
Another excellent resource is this Joint Cybersecurity Advisory released this week on ransomware, with excellent threat information as well as many great mitigation steps and checklists to help.
To read more, click on https://www.govtech.com/blogs/lohrmann-on-cybersecurity/planning-for-a-nation-state-cyber-attack-are-you-ready





