The Cybersecurity and Infrastructure Security Agency is highlighting basic cybersecurity standards, a new incident reporting hotline and its known exploited vulnerability catalog, among other measures, as the White House takes an “unprecedented” step in raising a specific warning about potential Russian cyber attacks.
The White House on Monday warned it had “evolving intelligence” showing the Russian government may be preparing cyber attacks on U.S. critical infrastructure in response to sanctions levied on Moscow after its invasion of Ukraine.
During a media roundtable hosted by NeoSystems on Tuesday, CISA chief of staff Kiersten Todt said the agency is focused on promoting resiliency across U.S. networks. The agency has been running a “Shields Up” website since Russia invaded Ukraine as a resource for information about potential Russian cyber activities.
“The good news there is that often it doesn’t require a lot of sophistication necessarily,” Todt said. “We’ve got to raise the baseline. And that’s why the call to action for encryption, for patching, for multifactor authentication. These are all still the basics that really need to be executed and instituted across the board.”
Congress also recently passed legislation requiring critical infrastructure operators to report cyber incidents to CISA within 72 hours. But the requirements won’t become effective until CISA finalizes the regulations through a rulemaking process.
However, Todt said CISA recently launched a new hotline, email@example.com, that companies can use if they want to voluntarily report incidents to CISA. The United States Computer Emergency Readiness Team, an organization within CISA, is responsible for coordinating incident response activities.
Todt said CISA has been working to “create trust for incident reporting” by working closely with the private sector through mechanisms like the Joint Cyber Defense Collaborative.
“This is such a critical tool, the ability to report incidents in a timely way so that CISA can then take that information and share it across sectors,” she said.
The White House’s decision to issue a public warning about specific Russian preparatory actions is an “extraordinary” step after weeks of more generalized statements about Russian cyber threats, according to Glenn Gerstell, former general counsel at the NSA and senior advisor at the Center for Strategic and International Studies.
“That’s really unprecedented for the President to do this,” Gerstell said during the roundtable. “It sounds like there’s a specific intelligence behind this.”
While the warning may have been unprecedented, some members of the information security community have complained the White House alert was light on details about specific cyber threat intelligence.
Tim Kosiba, the former head of the National Security Agency’s Tailored Access Operations Unit, said public-private collaboration mechanisms like the JCDC and the NSA’s new Cybersecurity Collaboration Center offer venues where officials can share more threat information with industry. Kosiba is now chief executive of bracket f, a government-focused subsidiary of cybersecurity firm Redacted.
“Clearly, there’s a reason why information is kept classified, for important reasons, and we, we need to be able to respect that,” Kosiba said in an interview on Inside the IC. “But at the same time, we need to be able to partner with private companies, certainly partner with industries throughout our country to ensure that our capabilities are what they need to be.”
CISA has also continued to update its “Known Exploited Vulnerabilities Catalog,” including with cybersecurity exploits used by Russia-linked groups, according to Todt. The catalog was established last year under a Binding Operational Directive that requires agencies to patch the listed vulnerabilities within specific time frames.
“There’s so much data, there’s so much out there that if we can help curate that, certainly for the purposes of this conflict, this crisis, this war, then we are helping out and we’re moving forward,” Todt said.
Kosiba also noted that private sector officials in key areas like the energy and financial sectors often hold security clearances to receive more sensitive cyber threat information.
“There’s a ton of sharing that’s actually going on, and it will continue to evolve and get better,” Kosiba said. “The methods and procedures that the intelligence community uses clearly need to stay classified. But the information that is gleaned from what our adversaries want to actually do to us, or where they want to operate, is incredibly important for industry to be able to develop their defensive capabilities.”
The former NSA official said Russia may be particularly focused on areas where sanctions are affecting its economy and citizens.
“I would clearly think it is in Putin’s mind that he could have an impact of the citizens of this country,” Kosiba said. “Especially where we are with the sanctions that are being levied on Russia today, certainly impacting their financial sector, their energy sector. So if you think about proportionality, several of those sectors could be targeted by the Russians.”