CISA, FBI and DOE Issue Joint Cyber Advisory for the Energy Sector

On March 24, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI) and the Department of Energy (DOE) published a joint advisory for the U.S. and international energy sector organizations.

The joint advisory, titled  “Tactics, Techniques, and Procedures of Indicted State-Sponsored Russian Cyber Actors Targeting the Energy Sector” provides information on multiple intrusion campaigns conducted by state-sponsored Russian cyber actors from 2011 to 2018 which targeted U.S. and international Energy Sector organizations.

“In light of the indictments announced today and evolving intelligence that the Russian Government is exploring options to conduct potential cyberattacks against the U.S., CISA, along with our FBI and DOE partners, is issuing this joint advisory to reinforce the demonstrated threat posed by Russian state-sponsored cyber actors,” said CISA Director Jen Easterly.

The advisory includes technical information on previous Russia state-sponsored attacks between 2011 and 2019, including details of a global energy sector attack and a Middle East-based energy sector organization malware compromise. The alert recommends organizations immediately:

  • Enforce multifactor authentication to authenticate into a system.
  • Implement and ensure robust network segmentation between information technology and industrial control systems (ICS) networks.
  • Manage the creation of, modification of, use of and permissions associated with privileged accounts.

Citing these past incidents with the current concerns of potential Russian cyber-attacks on U.S. businesses, the advisory reiterates the importance for the U.S. energy sector and critical infrastructure organizations to take immediate actions to mitigate cyber risk and protect their networks. The full advisory is viewable at https://www.cisa.gov/uscert/ncas/alerts/aa22-083a.

Easterly encouraged organizations to visit the CISA Shields Up page, which provides important information about the potential direct and indirect cybersecurity threats U.S. businesses may face due to the escalating Russia and Ukraine conflict.

The page also provides verified contact information to report threats, free cybersecurity tools and services, a list of cybersecurity best practices to help organizations reduce the likelihood of a damaging cyber intrusion, steps to quickly detect a potential intrusion, guidance regarding intrusion response preparation and tips on how to strengthen current defenses. The Shields Up page is viewable at https://www.cisa.gov/shields-up.

White House Releases Act Now to Protect Against Potential Cyberattacks Fact Sheet

In addition to the joint advisory, the Biden Administration recently released the “Act Now to Protect Against Potential Cyberattacks" fact sheet in response to reports from the intelligence community indicating Russia was exploring options for cyber attacks on the United States.

The fact sheet reiterates the growing concerns over the potential cyber attacks Russia may deploy in response to the economic sanctions from the United States and states that there is now evolving intelligence that Russia may be exploring options for potential cyber attacks.

The fact sheet encourages the private sector and other U.S. businesses to visit the aforementioned CISA Shields Up page and urges companies to take several immediate actions including:

  • Back up your data and ensure you have offline backups beyond the reach of malicious actors.Deploy modern security tools on your computers and devices to continuously look for and mitigate threats.
  • Check with your cybersecurity professionals to make sure that your systems are patched and protected against all known vulnerabilities and change passwords across your networks so that previously stolen credentials are useless to malicious actors.
  • Mandate the use of multi-factor authentication on your systems to make it harder for attackers to get onto your system.
  • Run exercises and drill your emergency plans so that you are prepared to respond quickly to minimize the impact of any attack.

The fact sheet also lays out several recommendations specifically for technology and software companies including:

  • Build security into your products from the ground up — “bake it in, don’t bolt it on” — to protect both your intellectual property and your customers’ privacy.
  • Develop software only on a system that is highly secure and only accessible to those actually working on a particular project. This will make it much harder for an intruder to jump from system to system and compromise a product or steal your intellectual property.
  • Software developers are responsible for all code used in their products, including open-source code. Most software is built using many different components and libraries, much of which is open source. Make sure developers know the provenance (i.e., origin) of components they are using and have a “software bill of materials,” so they can rapidly correct any vulnerabilities they may find in those components.  

The fact sheet is viewable at www.whitehouse.gov/briefing-room/statements-releases/2022/03/21/fact-sheet-act-now-to-protect-against-potential-cyberattacks/.

Related Links

About Schneider Downs Cybersecurity

The Schneider Downs cybersecurity practice consists of experts offering a comprehensive set of information technology security services, including penetration testing, intrusion prevention/detection review, ransomware security, vulnerability assessments and a robust digital forensics and incident response team. For more information, visit www.schneiderdowns.com/cybersecurity or contact the team at [email protected].

In addition, our Digital Forensics and Incident Response teams are available 24x7x365 at 1-800-993-8937 if you suspect or are experiencing a network incident of any kind.

 

You’ve heard our thoughts… We’d like to hear yours

The Schneider Downs Our Thoughts On blog exists to create a dialogue on issues that are important to organizations and individuals. While we enjoy sharing our ideas and insights, we’re especially interested in what you may have to say. If you have a question or a comment about this article – or any article from the Our Thoughts On blog – we hope you’ll share it with us. After all, a dialogue is an exchange of ideas, and we’d like to hear from you. Email us at [email protected].

Material discussed is meant for informational purposes only, and it is not to be construed as investment, tax, or legal advice. Please note that individual situations can vary. Therefore, this information should be relied upon when coordinated with individual professional advice.

© 2023 Schneider Downs. All rights-reserved. All content on this site is property of Schneider Downs unless otherwise noted and should not be used without written permission.

our thoughts on
SEC Charges SolarWinds and CISO Timothy Brown For Misleading Investors
Think Before You Click: Fake Browser Updates are Back in Style
Protect Your Manufacturers: 3 Common Cyber Attack Methods to Watch Out for in 2023
Protect Your Students, Faculty and Staff: 3 Common Cyber Attack Methods to Watch Out for in 2023
Single Audit Reporting Reminders
Protect Your Retail Business: 3 Common Cyber Attack Methods to Watch Out for in 2023
Register to receive our weekly newsletter with our most recent columns and insights.
Have a question? Ask us!

We’d love to hear from you. Drop us a note, and we’ll respond to you as quickly as possible.

Ask us
contact us
Pittsburgh

This site uses cookies to ensure that we give you the best user experience. Cookies assist in navigation, analyzing traffic and in our marketing efforts as described in our Privacy Policy.

×