Defending Against Russian Cyber-Attacks: Guidance for SLTTs

The White House has called on both state governors and private industry to enhance their cybersecurity posture in the face of the Russia-Ukraine conflict and potential cyber-attacks on U.S. critical infrastructure.

A Call for Urgent Action

On March 21, 2022, the White House announced it had received intelligence suggesting that Russia was exploring options to launch cyber-attacks against the United States. 

FBI Director Christopher Wray said that the FBI was especially "concerned" about Russia targeting U.S. critical infrastructure, reported ABC News.

Through its investigative and surveillance efforts, the FBI learned that malicious actors had already scanned the systems of five U.S. energy companies. They also found evidence of attackers having conducted other "preparatory work" such as researching victims and developing access to their systems.

In response to this intelligence, President Biden asked U.S. governors and the mayor of the District of Columbia to enhance the resilience of their state's critical infrastructure and computer systems by taking certain steps.

First, he recommended that the leaders meet with their security officials to review the resiliency of their state's critical infrastructure systems. This should include determining whether they have the authority to enforce cybersecurity baselines with those utilities and verifying whether they've implemented those configurations, noted POLITICO.

Additionally, he urged state governments to follow cybersecurity best practices.

Actionable Guidance for Blocking Potential Russian Cyber-Attacks

Building on the White House's recommendations, cybersecurity experts at the Center for Internet Security (CIS) prepared guidance that includes practical steps for securing systems against nation-state actors, both immediately and over the coming weeks. Most of our recommendations require minimal effort, ranging from a few minutes to a few hours. In the next two weeks, we recommend state and local governments do the following:

  • Join the Multi-State and/or Elections Infrastructure Information Sharing and Analysis Centers (MS-ISAC and EI-ISAC)
  • Stop malicious internet activity with a no-cost Malicious Domain Blocking and Reporting (MDBR) service
  • Turn on multi-factor authentication (MFA) for any system that offers it
  • Obtain a recent vulnerability scan of externally-facing IT assets
  • Install all possible patches/updates where applicable
  • Enable logging on any device that is capable and configuring a log collection system

To further prepare themselves for large-scale incidents, we suggest state and local governments develop (or update) an incident response (IR) plan, ensure that they have backups for their systems, and confirm that they've protected those backups against ransomware attacks.

For more detailed guidance, review Protecting Against Potential Russian Cyber-Attacks.

Once those fundamentals are in place, state and local governments should work to adopt other essential cyber hygiene practices that align with Implementation Group 1 (IG1) of the CIS Critical Security Controls

Confronting a Very Real Threat

Bad actors working on behalf – or with the implicit support – of nation-states such as Russia pose a very real threat to our safety. CIS, along with MS-ISAC and EI-ISAC, stand behind the White House's urgent call on all organizations – both in the public and private sectors – to raise their defenses against potential cyber-attacks.