News Insights: FBI, NSA & CISA Issue Advisory on Russian Cyber Threat to US Critical Infrastructure

Advisory explains how to detect, respond to, and mitigate cyberattacks from Russian state-sponsored hacking groups.

https://www.darkreading.com/threat-intelligence/fbi-nsa-cisa

News Insights:

According to Tim Helming, Security Evangelist at DomainTools:

“There is good guidance here from the agencies (CISA, NSA, FBI) though it’s tempting to look at it as motherhood-and-apple-pie: the vast majority of owners and operators of critical infrastructure are well aware of the threats, and are also cognizant of many of the fundamental steps toward hardening their assets against these threats. Many in the critical infrastructure community take an ‘assume breach’ posture already, based on what we know about the capabilities of these actors. Procedures and tools to improve asset visibility and vulnerability management, identity and access management, log management, ingress and egress filtering, anomaly detection, and behavioral analytics are all recognized as fundamental necessities, and it’s safe to say are being actively improved, to a greater or lesser extent, in the majority of installations.

So why did CISA et al. issue the advisory? In part, because if they weren’t on record doing so and a compromise were confirmed, it would have been a glaring gap. It also gives owners and operators facing resource constraints more support in their requests, and it’s important not to underestimate how important that can be.”