<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:"Segoe UI";
panose-1:2 11 5 2 4 2 4 2 2 3;}
@font-face
{font-family:"Franklin Gothic Book";
panose-1:2 11 5 3 2 1 2 2 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
p.xmsonormal, li.xmsonormal, div.xmsonormal
{mso-style-name:x_msonormal;
margin:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
p.paragraph, li.paragraph, div.paragraph
{mso-style-name:paragraph;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.normaltextrun
{mso-style-name:normaltextrun;}
span.eop
{mso-style-name:eop;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:1376202199;
mso-list-template-ids:-1519512476;}
@list l0:level1
{mso-level-start-at:3;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level2
{mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level3
{mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level4
{mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level5
{mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level6
{mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level7
{mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level8
{mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level9
{mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l1
{mso-list-id:1549955884;
mso-list-template-ids:1326636156;}
@list l1:level1
{mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l1:level2
{mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l1:level3
{mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l1:level4
{mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l1:level5
{mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l1:level6
{mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l1:level7
{mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l1:level8
{mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l1:level9
{mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l2
{mso-list-id:1846047047;
mso-list-template-ids:-228294124;}
@list l2:level1
{mso-level-start-at:2;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l2:level2
{mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l2:level3
{mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l2:level4
{mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l2:level5
{mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l2:level6
{mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l2:level7
{mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l2:level8
{mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l2:level9
{mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="#0563C1" vlink="purple" style="word-wrap:break-word">
<div class="WordSection1">
<p class="MsoNormal">FYSA<o:p></o:p></p>
<div>
<div>
<div>
<p class="paragraph" style="margin:0in;vertical-align:baseline"><span class="eop"><span style="font-family:"Franklin Gothic Book",sans-serif"> </span></span><span style="font-size:9.0pt;font-family:"Segoe UI",sans-serif"><o:p></o:p></span></p>
<p class="paragraph" style="margin:0in;vertical-align:baseline;user-select: text;-webkit-user-drag: none;-webkit-tap-highlight-color: transparent;overflow-wrap: break-word;font-kerning: none">
<span class="normaltextrun"><span style="font-family:"Franklin Gothic Book",sans-serif">The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and the National Security Agency released a joint Cybersecurity Advisory
(CSA), </span></span><span style="font-size:9.0pt;font-family:"Segoe UI",sans-serif"><a href="https://www.cisa.gov/uscert/ncas/alerts/aa22-010a" target="_blank"><span class="normaltextrun"><span style="font-size:11.0pt;font-family:"Franklin Gothic Book",sans-serif">Understanding
and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure</span></span></a></span><span class="normaltextrun"><span style="font-family:"Franklin Gothic Book",sans-serif">. The CSA provides an overview of Russian state-sponsored cyber
operations; commonly observed tactics, techniques, and procedures (TTPs); detection actions; incident response guidance; and mitigations. This advisory is being released to as part of our continuing cybersecurity mission with our interagency partners to warn
organizations of potential cyber threats.</span></span><span class="eop"><span style="font-family:"Franklin Gothic Book",sans-serif"> </span></span><span style="font-size:9.0pt;font-family:"Segoe UI",sans-serif"><o:p></o:p></span></p>
<p class="paragraph" style="margin:0in;background:white;vertical-align:baseline;user-select: text;-webkit-user-drag: none;-webkit-tap-highlight-color: transparent;overflow-wrap: break-word;font-kerning: none">
<span class="eop"><span style="font-family:"Franklin Gothic Book",sans-serif;color:black"> </span></span><span style="font-size:9.0pt;font-family:"Segoe UI",sans-serif;color:#2F5496"><o:p></o:p></span></p>
<p class="paragraph" style="margin:0in;background:white;vertical-align:baseline;user-select: text;-webkit-user-drag: none;-webkit-tap-highlight-color: transparent;overflow-wrap: break-word;font-kerning: none">
<span class="normaltextrun"><span style="font-family:"Franklin Gothic Book",sans-serif;color:black">CISA, the FBI, and NSA encourage the cybersecurity community—especially critical infrastructure network defenders—to adopt a heightened state of awareness and
to conduct proactive threat hunting. Additionally, we strongly urge network defenders to implement the CSA’s recommendations and mitigations, which will help organizations improve their functional resilience by reducing the risk of compromise or severe business
degradation. </span></span><span class="eop"><span style="font-family:"Franklin Gothic Book",sans-serif;color:black"> </span></span><span style="font-size:9.0pt;font-family:"Segoe UI",sans-serif;color:#2F5496"><o:p></o:p></span></p>
<p class="paragraph" style="margin:0in;vertical-align:baseline;user-select: text;-webkit-user-drag: none;-webkit-tap-highlight-color: transparent;overflow-wrap: break-word;font-kerning: none">
<span class="eop"><span style="font-family:"Franklin Gothic Book",sans-serif"> </span></span><span style="font-size:9.0pt;font-family:"Segoe UI",sans-serif"><o:p></o:p></span></p>
<p class="paragraph" style="margin:0in;vertical-align:baseline;user-select: text;-webkit-user-drag: none;-webkit-tap-highlight-color: transparent;overflow-wrap: break-word;font-kerning: none">
<span class="normaltextrun"><span style="font-family:"Franklin Gothic Book",sans-serif">The CSA, which uses the MITRE ATT&CK® for Enterprise framework, version 10, includes technical details, including previously identified vulnerabilities known to be exploited
by Russian state-sponsored APT actors for initial access. The three agencies strongly urge critical infrastructure leaders to take a few immediate actions, including:</span></span><span class="eop"><span style="font-family:"Franklin Gothic Book",sans-serif"> </span></span><span style="font-size:9.0pt;font-family:"Segoe UI",sans-serif"><o:p></o:p></span></p>
<p class="paragraph" style="margin:0in;vertical-align:baseline;user-select: text;-webkit-user-drag: none;-webkit-tap-highlight-color: transparent;overflow-wrap: break-word;font-kerning: none">
<span class="eop"><span style="font-family:"Franklin Gothic Book",sans-serif"> </span></span><span style="font-size:9.0pt;font-family:"Segoe UI",sans-serif"><o:p></o:p></span></p>
<p class="paragraph" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin-left:.75in;text-indent:0in;mso-list:l1 level1 lfo2;vertical-align:baseline;user-select: text;-webkit-user-drag: none;-webkit-tap-highlight-color: transparent;overflow-wrap: break-word;font-kerning: none">
<![if !supportLists]><span style="font-family:"Franklin Gothic Book",sans-serif"><span style="mso-list:Ignore">1.<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span class="normaltextrun"><b><span style="font-family:"Franklin Gothic Book",sans-serif;color:black">Be prepared</span></b></span><span class="normaltextrun"><span style="font-family:"Franklin Gothic Book",sans-serif;color:black">.
Confirm reporting processes and </span></span><span class="normaltextrun"><span style="font-family:"Franklin Gothic Book",sans-serif">minimize personnel gaps in IT/OT security coverage<span style="color:black">. Create, maintain, and exercise a cyber incident
response plan, resilience plan, and continuity of operations plan so that critical functions and operations can be kept running if technology systems are disrupted or need to be taken offline. </span></span></span><span class="eop"><span style="font-family:"Franklin Gothic Book",sans-serif;color:black"> </span></span><span style="font-family:"Franklin Gothic Book",sans-serif"><o:p></o:p></span></p>
<p class="paragraph" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin-left:.75in;text-indent:0in;mso-list:l2 level1 lfo4;vertical-align:baseline;user-select: text;-webkit-user-drag: none;-webkit-tap-highlight-color: transparent;overflow-wrap: break-word;font-kerning: none">
<![if !supportLists]><span style="font-family:"Franklin Gothic Book",sans-serif"><span style="mso-list:Ignore">2.<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span class="normaltextrun"><b><span style="font-family:"Franklin Gothic Book",sans-serif;color:black">Enhance your organization’s cyber posture</span></b></span><span class="normaltextrun"><span style="font-family:"Franklin Gothic Book",sans-serif;color:black">.
Follow best practices for identity and access management, protective controls and architecture, and vulnerability and configuration management.</span></span><span class="eop"><span style="font-family:"Franklin Gothic Book",sans-serif;color:black"> </span></span><span style="font-family:"Franklin Gothic Book",sans-serif"><o:p></o:p></span></p>
<p class="paragraph" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin-left:.75in;text-indent:0in;mso-list:l0 level1 lfo6;vertical-align:baseline;user-select: text;-webkit-user-drag: none;-webkit-tap-highlight-color: transparent;overflow-wrap: break-word;font-kerning: none">
<![if !supportLists]><span style="font-family:"Franklin Gothic Book",sans-serif"><span style="mso-list:Ignore">3.<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span class="normaltextrun"><b><span style="font-family:"Franklin Gothic Book",sans-serif;color:black">Increase organizational vigilance</span></b></span><span class="normaltextrun"><span style="font-family:"Franklin Gothic Book",sans-serif;color:black">.
Stay current on reporting on this threat. </span></span><span style="font-family:"Franklin Gothic Book",sans-serif"><a href="https://public.govdelivery.com/accounts/USDHSUSCERT/subscriber/new" target="_blank"><span class="normaltextrun"><span style="color:#103CC0;background:white">Subscribe</span></span></a><span class="normaltextrun"><span style="color:#262626;background:white"> to
CISA’s </span></span><a href="https://www.cisa.gov/uscert/mailing-lists-and-feeds" target="_blank"><span class="normaltextrun"><span style="background:white">mailing list and feeds</span></span></a><span class="normaltextrun"><span style="color:#262626;background:white"> to
receive notifications when CISA releases information about a security topic or threat.</span></span><span class="eop"><span style="color:#262626"> </span></span><o:p></o:p></span></p>
<p class="paragraph" style="margin:0in;vertical-align:baseline;user-select: text;-webkit-user-drag: none;-webkit-tap-highlight-color: transparent;overflow-wrap: break-word;font-kerning: none">
<span class="normaltextrun"><o:p> </o:p></span></p>
<p class="paragraph" style="margin:0in;vertical-align:baseline"><span class="normaltextrun"><span style="font-family:"Franklin Gothic Book",sans-serif">For the complete list of immediate actions that include actions for improving functional resilience and incident
response resources, executives and IT professionals should review this CSA in its entirety at <a href="https://www.cisa.gov/uscert/ncas/alerts/aa22-010a">https://www.cisa.gov/uscert/ncas/alerts/aa22-010a</a>. Further, critical infrastructure organization leaders
should review CISA Insights: </span></span><span style="font-size:9.0pt;font-family:"Segoe UI",sans-serif"><a href="https://www.cisa.gov/sites/default/files/publications/CISA_INSIGHTS-Preparing_For_and_Mitigating_Potential_Cyber_Threats-508C.pdf" target="_blank"><span class="normaltextrun"><span style="font-size:11.0pt;font-family:"Franklin Gothic Book",sans-serif">Preparing
for and Mitigating Cyber Threats</span></span></a></span><span class="normaltextrun"><span style="font-family:"Franklin Gothic Book",sans-serif"> for information on reducing cyber threats to their organization.</span></span><span class="eop"><span style="font-family:"Franklin Gothic Book",sans-serif"> </span></span><span style="font-size:9.0pt;font-family:"Segoe UI",sans-serif"><o:p></o:p></span></p>
<p class="paragraph" style="margin:0in;vertical-align:baseline;user-select: text;-webkit-user-drag: none;-webkit-tap-highlight-color: transparent;overflow-wrap: break-word;font-kerning: none">
<span class="eop"><span style="font-size:10.0pt;font-family:"Franklin Gothic Book",sans-serif"> </span></span><span style="font-size:9.0pt;font-family:"Segoe UI",sans-serif"><o:p></o:p></span></p>
<p class="paragraph" style="margin:0in;vertical-align:baseline;user-select: text;-webkit-user-drag: none;-webkit-tap-highlight-color: transparent;overflow-wrap: break-word;font-kerning: none">
<span class="normaltextrun"><span style="font-family:"Franklin Gothic Book",sans-serif">CISA encourages critical infrastructure executives and senior leaders to review the</span></span><span class="normaltextrun"><span style="font-size:10.0pt;font-family:"Franklin Gothic Book",sans-serif"> </span></span><span style="font-size:9.0pt;font-family:"Segoe UI",sans-serif"><a href="https://www.cisa.gov/sites/default/files/publications/CISA_INSIGHTS-Preparing_For_and_Mitigating_Potential_Cyber_Threats-508C.pdf" target="_blank"><span class="normaltextrun"><span style="font-size:11.0pt;font-family:"Franklin Gothic Book",sans-serif">CISA
Insights</span></span></a></span><span class="normaltextrun"><span style="font-size:10.0pt;font-family:"Franklin Gothic Book",sans-serif"> </span></span><span class="normaltextrun"><span style="font-family:"Franklin Gothic Book",sans-serif">for guidance on
proactively preparing their organizations for an incident. In addition, CISA encourages critical infrastructure organizations to take a closer look at themselves, their facilities, and their operations from the outside-in. Knowing how you may be exposed or
targeted will help you to be better prepared (to act, collaborate, and report). </span></span><span class="eop"><span style="font-family:"Franklin Gothic Book",sans-serif"> </span></span><span style="font-size:9.0pt;font-family:"Segoe UI",sans-serif"><o:p></o:p></span></p>
<p class="paragraph" style="margin:0in;vertical-align:baseline;user-select: text;-webkit-user-drag: none;-webkit-tap-highlight-color: transparent;overflow-wrap: break-word;font-kerning: none">
<span class="eop"><span style="font-family:"Franklin Gothic Book",sans-serif"> </span></span><span style="font-size:9.0pt;font-family:"Segoe UI",sans-serif"><o:p></o:p></span></p>
<p class="paragraph" style="margin:0in;vertical-align:baseline;user-select: text;-webkit-user-drag: none;-webkit-tap-highlight-color: transparent;overflow-wrap: break-word;font-kerning: none">
<span class="normaltextrun"><span style="font-family:"Franklin Gothic Book",sans-serif">Thank you for your continued collaboration.</span></span><span class="eop"><span style="font-family:"Franklin Gothic Book",sans-serif"> <o:p></o:p></span></span></p>
<p class="paragraph" style="margin:0in;vertical-align:baseline"><o:p> </o:p></p>
</div>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><b><span style="color:#1F497D">Theresa A. Masse<o:p></o:p></span></b></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#1F497D">Cyber Security Advisor, Region 10 (Oregon)
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#1F497D">Cybersecurity and Infrastructure Security Agency<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#1F497D">Department of Homeland Security<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#1F497D">Phone: (503) 930-5671
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#1F497D">Email:</span><span style="font-size:10.0pt;color:#777777">
</span><a href="mailto:theresa.masse@cisa.dhs.gov"><span style="font-size:10.0pt">theresa.masse@cisa.dhs.gov</span></a><u><span style="font-size:10.0pt;color:#0760C1"><o:p></o:p></span></u></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><img border="0" width="97" height="97" style="width:1.0138in;height:1.0138in" id="Picture_x0020_1" src="cid:image001.png@01D806C1.17A08440"><span style="color:#1F497D"><o:p></o:p></span></p>
<p class="xmsonormal"><o:p> </o:p></p>
</div>
</body>
</html>