July 20, 2022 | Alex Terlecky

The war in Ukraine has prompted new alerts from government agencies

The war in Ukraine has had far reaching implications for the supply chain crisis and inflation, but no issue hits closer to home for special districts than the risk posed by cyberattacks.

Russia is no stranger to cyberattacks, and as the conflict has continued through spring and into summer, warnings have been consistent that critical infrastructure may be targeted through cyberattacks.

In addition, as the West has bolstered their support of Ukraine, and as Russia has been relegated to fighting in eastern Ukraine, Russia may feel emboldened to begin utilizing all aspects of their playbook to gain advantages.

What to expect

The White House continues to warn U.S. companies and organizations about Russia’s capacities for launching cyberattacks. Although nothing major has materialized, recent intelligence shows that Russia is a total of 37 cyberattacks. These cyberattacks are an integral part of Russia’s war effort.

According to Microsoft’s recent report, the company has observed Russian-aligned actors showing interest in or conducting operations against organizations in the Baltics and Turkey—both NATO member states outside of Ukraine.

The company also believes these actors may be tasked with expanding their actions further beyond Ukraine as countries decide to provide more military assistance to Ukraine and take additional measures to weaken the Russian government and economy.

Above all, the post reads, the alerts published by CISA and other U.S. government agencies should be taken seriously.

Make sure you’re signed up for those alerts directly from CISA at cisa.gov.

How to Prepare

There are a few steps special districts can take to prepare for these threats.

In addition to signing up for CISA’s alerts, CISA is running a campaign known as additional tools specific for the public sector.

In March, the White House recommended companies execute the following steps with urgency:

• Mandate the use of multi-factor authentication on your systems to make it harder for attackers to get onto your system;
• Deploy modern security tools on your computers and devices to continuously look for and mitigate threats;
• Check with your cybersecurity professionals to make sure that your systems are patched and protected against all known vulnerabilities, and change passwords across your networks so that previously stolen credentials are useless to malicious actors;
• Back up your data and ensure you have offline backups beyond the reach of malicious actors;
• Run exercises and drill your emergency plans so that you are prepared to respond quickly to minimize the impact of any attack;
• Encrypt your data so it cannot be used if it is stolen;
• Educate your employees to common tactics that attackers will use over email or through websites, and encourage them to report if their computers or phones have shown unusual behavior, such as unusual crashes or operating very slowly; and
• Engage proactively with your local FBI field office or CISA Regional Office to establish relationships in advance of cyber incidents. Please encourage your IT and Security leadership to visit the websites of CISA and the FBI where they will find technical information and other useful resources.

Report suspected cyber intrusions and anomalous activity to CISA at central@cisa.gov or 888-282-0870, and to the FBI’s 24/7 CyWatch operations center at cywatch@fbi.gov or 855-292-3937.

CSD Pool Member Resources

CSD Pool members have special access to two different cyber recourses that can help members execute the steps listed above and manage a cyberattack that occurs at your district.

Free to members is NetDiligence’s eRisk Hub. It includes the following resources for members:

• Incident roadmap – steps on how to recover from a breach or other incident
• Breach Coach Access – free consultation with attorneys from Norton Rose Fulbright
• Ransomware Mock Breach Exercise and Attack Simulations
• Best Practices Educational Videos – Train staff on the importance of multi-factor authentication, incident response planning, VPM use, and backups
• White papers – specific reports on how cyber risk threatens public entities

This resource is 100% free for members. Even if it doesn’t get much use, having this resource at your disposal can make the difference if attacked.

Beyond this, members receive discounted rates for NetDiligence’s QuietAudit cyber assessments. Through this service, members are offered three different levels of assessments to look at network vulnerabilities and overall network health. Assessments include:

• Review of prior audit materials or applications
• Client IT Security Phone Interview to maximize efficiency
• Risk Manager Summary Report
• Network/Website Vulnerability Scan Test
• Interpretive Summary

Upon completion, members will receive a higher sublimit at no additional cost. This increase is $1M, up from $200k.

Pricing, although already discounted, can be further subsidized through our Safety and Loss Prevention Grant program, which reimburses 50% of the cost.

For more information, visit csdpool.org/cyber.