President Biden has issued a warning about the increased threat of cyberattacks by Russian state-sponsored hackers as a result of the economic sanctions imposed on the country in response to the invasion of Ukraine. President Biden said the warning is based on “evolving intelligence that the Russian Government is exploring options for potential cyberattacks.”
A few days before President Biden’s warning, the FBI issued an alert warning that hacking groups linked to Russia could target U.S. organizations in response to the recently imposed sanctions. Deputy national security adviser Anne Neuberger explained in a White House briefing on Monday that threat actors associated with Russian IP addresses had conducted “preparatory activity” for cyberattacks, such as scanning websites and other Internet-facing systems at 5 US energy firms for exploitable vulnerabilities. Scans have also been conducted on at least 18 other US companies in sectors such as defense and financial services. The FBI said the Russian IP addresses used for scanning have previously been used for destructive cyber activity against foreign critical infrastructure, and that scanning activity has increased since Russia invaded Ukraine.
“I have previously warned about the potential that Russia could conduct malicious cyber activity against the United States, including as a response to the unprecedented economic costs we’ve imposed on Russia alongside our allies and partners. It’s part of Russia’s playbook,” said President Biden in his statement. “My Administration will continue to use every tool to deter, disrupt, and if necessary, respond to cyberattacks against critical infrastructure. But the Federal Government can’t defend against this threat alone.”
In the United States, a large percentage of the country’s critical infrastructure is operated by the private sector. President Biden has called for owners and operators of critical infrastructure to accelerate their efforts to improve their defenses and “lock their digital doors”. The White House has issued a fact sheet detailing the steps that should be taken to improve cybersecurity defenses in preparation for possible Russian cyberattacks, and has called for immediate action to implement the recommendations.
One of the most important steps to take to improve security is to implement and mandate the use of multi-factor authentication. Multi-factor authentication will make it much harder for threat actors to use compromised or stolen credentials to access internal networks. Security software should be deployed that is capable of continuously scanning computers and devices to identify and mitigate threats. Cybersecurity teams should ensure that all operating systems and software are updated and patched against known vulnerabilities, especially those listed in the Cybersecurity and Infrastructure Security Agency’s (CISA) Known Exploited Vulnerabilities Catalog.
Robust backup procedures should be implemented and backups should be stored offline, out of the reach of attackers that successfully compromise networks. Sensitive data should be encrypted at rest and in transit to ensure that if the information is stolen, it cannot be used.
Security awareness training should be provided to employees to help them identify and avoid threats, and the workforce should be encouraged to immediately report any suspicious activity. The White House also encourages critical infrastructure operators to engage proactively with their local FBI field offices and/or CISA Regional Office to establish relationships in advance of any cyber incidents and to run exercises and drills to test emergency plans to ensure a quick and effective response is possible in the event of a cyber intrusion.
The American Hospital Association (AHA) has urged hospitals and health systems to review the government fact sheet and take immediate steps to improve cybersecurity, as well as review AHA guidance and alerts about risk mitigation procedures. Hospitals and health systems have also been urged to increase network monitoring for unusual network traffic and activity, especially around Active Directory, and to “heighten staffs’ awareness of [the] increased risk of receiving malware-laden phishing emails.”
The AHA also recommends geo-fencing for inbound and outbound traffic to and from Russia, Ukraine, and the surrounding regions, checking the redundancy, resiliency, and security of networks and data backups, and ensuring emergency electric generating redundancy, resiliency, and generator fuel reserves are in place and have been recently tested.
It is also important to identify all internal and third-party mission-critical clinical and operational services and technology and to put into place four-to-six week business continuity plans and well-practiced downtime procedures in the event those services or technologies are disrupted by a cyberattack.
The post President Biden Urges Private Sector to Take Immediate Action to Harden Cybersecurity Defenses appeared first on HIPAA Journal.