The White House is urging organizations to take immediate action to harden cyber defenses as credible intelligence of a Russian cyberattack in response to U.S. involvement in the Ukraine crisis continues to evolve.
In a statement by President Joe Biden and a related fact sheet, the administration says there is “evolving intelligence that the Russian Government is exploring options for potential cyberattacks,” purportedly in response for U.S. support of Ukraine and economic sanctions that have impacted the Russian economy.
Russia has allegedly used a variety of cyberattack tactics against Ukraine, including destructive malware and other attacks masked by ransomware, but the U.S. and other western nations have largely been unscathed thus far. However, that may change as tensions escalate with the U.S. and other western countries continuing to provide assistance to Ukraine.
In Biden’s announcement, the president calls for the private sector to harden defenses immediately by implementing best practices that the administration, CISA and other entities have developed over the last year.
The White House is urging companies to take these steps to harden their IT environments, and they are largely standard best practices that organizations should be observing, regardless of the threat of a Russian cyberattack, including:
- Implementing multi-factor authentication
- Deploying modern endpoint protection tools on computers and devices
- Consulting cybersecurity professionals to make sure systems are patched against known vulnerabilities
- Changing passwords if they are ever compromised
- Backing up data to offline backups
- Creating and test emergency response plans
- Encrypting data so it can’t be used if it is stolen
- Training and educating employees on modern cybersecurity protocols
- Engaging with FBI or CISA offices to establish relationships in advance of cyber incidents and encouraging IT to review those resources
In addition to urging organizations to take those immediate steps, the White House is also urging technology and software companies to do their part to help protect their customers and the IT supply chain from a Russian cyberattack, including:
- Building security into products from the ground up
- Developing software only on a secure system accessible to only developers working on the project
- Using modern tools to scan for vulnerabilities in software
- Developing software bills of materials that include the ingredients in the software so IT can respond quickly if there are vulnerabilities
In addition, the White House urges organizations to implement the security practices mandated in Biden’s executive order, Improving Our Nation’s Cybersecurity. Under that executive order, software the U.S. government uses is required to meet specific security baselines.