Cyber Guidance for CEOs: Homeland Security Warns of Heightened Cyber Threats to U.S. From Russia’s Ukraine Invasion

By Daniel Farber Huang

February 26, 2022

Photo credit: Saksham Choudhary for Pexels

The Russian government’s unprovoked attack on Ukraine, which has been accompanied by cyber-attacks on Ukrainian government and essential infrastructure organizations, may have consequences for U.S. critical infrastructure and interests, the Cybersecurity & Infrastructure Security Agency (CISA) warns.

CISA — which is an arm of Homeland Security — in coordination with the US Intelligence Community, law enforcement, the military, and industry risk management organizations, is monitoring the threat landscape to identify if such dangers translate into threats to the United States and its constituents. The United States is not currently facing any significant cyber threats at home, but CISA cautions of the possibility for Russia’s destabilizing activities to affect organizations both within and outside of the region, given the current sanctions imposed by the United States and its allies. Every organization, from large to small, should be prepared to respond to any unexpected cyber activity.

CISA recommends that all organizations, regardless of size, adopt a proactive, consistent posture when it comes to cybersecurity and protecting their most valuable assets.

Leaders at all levels of organizations have a crucial job in ensuring that their businesses adopt a more secure position. CISA encourages senior leaders, including CEOs, to follow the following procedures:

1. Empower Your Chief Information Security Officer (CISO). CISA recommends, “In nearly every organization, security improvements are weighed against cost and operational risks to the business. In this heightened threat environment, senior management should empower CISOs by including them in the decision-making process for risk to the company, and ensure that the entire organization understands that security investments are a top priority in the immediate term.”

2. Plan for the Worst. Senior management should ensure that your company’s most vital assets can be protected in the event of an attack with expedient action, such as disconnecting high-impact sections of the network if required.

3. Focus on Continuity. Recognizing limited resources, security and resilience should be focused on those systems that support essential business processes. Senior management should ensure that such systems have been identified and that continuity tests have been completed to guarantee that important business functions can continue to operate following a cyberattack.

4. Participate in a Test of Response Plans. Cyber incident response warrants that top management from across the board and members of the Board be involved in addition to your security and IT teams. If you haven’t done so already, your senior executives should participate in a tabletop exercise to make sure they are up to speed on how your firm will handle a major cyber crisis, not just for your business but also for companies throughout your supply chain.

5. Lower Reporting Thresholds. Documented criteria for reporting cybersecurity incidents to senior management and the US government should be implemented by every organization. In this heightened-risk scenario, thresholds for reporting suspected incidents should be lower and more welcoming than usual. Senior management should set a standard that any indications of malevolent cyber activity, whether blocked by security safeguards or not, should be reported to CISA or the FBI. Reducing thresholds assists CISA and the FBI to identify an issue and assist prevent further attack or victimization as soon as possible.

In the face of continuing denial-of-service and destructive malware assaults affecting Ukraine and other nations in the area, CISA is working with its Joint Cyber Defense Collaborative (JCDC) and international computer emergency readiness team (CERT) partners to assess and share information on these ongoing hostile cyber activities.

In today’s highly connected and complex technology environment it has become increasingly challenging to prevent incidents completely that may disrupt business operations, especially given the dependencies on supply chains where there is inherently imperfect control.

The current climate necessitates that companies and individuals be educated, aware, and resilient. This includes a commitment to ensuring preparedness and a quick, concerted response to minimize the consequences of catastrophes on national security, economic prosperity, public health and safety, as well as organizational and individual needs.

All organizations should report incidents and anomalous activity to CISA and/or the FBI via your local FBI field office or the FBI’s 24/7 CyWatch at (855) 292–3937 or mailto:CyWatch@fbi.gov

Daniel Farber Huang is a Consulting CISO, cybersecurity professional and author, and corporate finance strategist. You can see more of Daniel’s broad body of work at https://www.DanielFarberHuang.com