[CDP-development] CISA, FBI, and NSA Release Cybersecurity Advisory on Russian Cyber Threats to U.S. Critical Infrastructure
MASSE, THERESA
theresa.masse at cisa.dhs.gov
Tue Jan 11 08:57:30 PST 2022
FYSA
The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and the National Security Agency released a joint Cybersecurity Advisory (CSA), Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure<https://www.cisa.gov/uscert/ncas/alerts/aa22-010a>. The CSA provides an overview of Russian state-sponsored cyber operations; commonly observed tactics, techniques, and procedures (TTPs); detection actions; incident response guidance; and mitigations. This advisory is being released as part of our continuing cybersecurity mission with our interagency partners to warn organizations of potential cyber threats.
CISA, the FBI, and NSA encourage the cybersecurity community, especially critical infrastructure network defenders, to adopt a heightened state of awareness and to conduct proactive threat hunting. Additionally, we strongly urge network defenders to implement the CSA's recommendations and mitigations, which will help organizations improve their functional resilience by reducing the risk of compromise or severe business degradation.
The CSA, which uses the MITRE ATT&CK® for Enterprise framework, version 10, includes technical details, including previously identified vulnerabilities known to be exploited by Russian state-sponsored APT actors for initial access. The three agencies strongly urge critical infrastructure leaders to take a few immediate actions, including:
1. Be prepared. Confirm reporting processes and minimize personnel gaps in IT/OT security coverage. Create, maintain, and exercise a cyber incident response plan, resilience plan, and continuity of operations plan so that critical functions and operations can be kept running if technology systems are disrupted or need to be taken offline.
2. Enhance your organization's cyber posture. Follow best practices for identity and access management, protective controls and architecture, and vulnerability and configuration management.
3. Increase organizational vigilance. Stay current on reporting on this threat. Subscribe<https://public.govdelivery.com/accounts/USDHSUSCERT/subscriber/new> to CISA's mailing list and feeds<https://www.cisa.gov/uscert/mailing-lists-and-feeds> to receive notifications when CISA releases information about a security topic or threat.
For the complete list of immediate actions that include actions for improving functional resilience and incident response resources, executives and IT professionals should review this CSA in its entirety at https://www.cisa.gov/uscert/ncas/alerts/aa22-010a. Further, critical infrastructure organization leaders should review CISA Insights: Preparing for and Mitigating Cyber Threats<https://www.cisa.gov/sites/default/files/publications/CISA_INSIGHTS-Preparing_For_and_Mitigating_Potential_Cyber_Threats-508C.pdf> for information on reducing cyber threats to their organization.
CISA encourages critical infrastructure executives and senior leaders to review the CISA Insights<https://www.cisa.gov/sites/default/files/publications/CISA_INSIGHTS-Preparing_For_and_Mitigating_Potential_Cyber_Threats-508C.pdf> for guidance on proactively preparing their organizations for an incident. In addition, CISA encourages critical infrastructure organizations to take a closer look at themselves, their facilities, and their operations from the outside-in. Knowing how you may be exposed or targeted will help you to be better prepared (to act, collaborate, and report).
Thank you for your continued collaboration.
Theresa A. Masse
Cyber Security Advisor, Region 10 (Oregon)
Cybersecurity and Infrastructure Security Agency
Department of Homeland Security
Phone: (503) 930-5671
Email: theresa.masse at cisa.dhs.gov