SHIELDS UP: Readout of CISA Call With Critical Infrastructure Partners on potential Cyberattacks Against the U.S

WASHINGTON – The Cybersecurity and Infrastructure Security Agency (CISA) convened a three-hour call on March 22, 2022 with over 13,000 industry stakeholders to provide an update on the potential for Russian cyberattacks against the U.S. homeland and answer questions from a range of stakeholders across the nation.

As President Biden noted yesterday, evolving intelligence indicates that the Russian Government is exploring options to conduct potential cyberattacks against the United States. CISA echoed the President’s warning on the call today and reinforced the urgent need for all organizations, large and small, to act now to protect themselves against malicious cyber activity.

On the three-hour call, CISA Director Jen Easterly, Deputy Executive Assistant Director for Cybersecurity Matt Hartman, and Tonya Ugoretz, Deputy Assistant Director for the FBI’s cyber division, encouraged organizations of all sizes to have their Shields Up to cyber threats and take proactive measures now to mitigate risk to their networks. They encouraged those on the line to visit CISA.gov/Shields-Up to take action to protect their organizations and themselves and urged all critical infrastructure providers to implement the mitigation guidelines enumerated on CISA.gov/Shields-Up, including:

  • Mandate the use of multi-factor authentication on your systems to make it harder for attackers to get onto your system;
  • Update the software on your computers and devices to continuously look for and mitigate threats;
  • Back up your data and ensure you have offline backups beyond the reach of malicious actors;
  • Run exercises and drill your emergency plans so that you are prepared to respond quickly to minimize the impact of any attack;
  • Encrypt your data;
  • Sign up for CISA’s free cyber hygiene services; and
  • Educate your employees to common tactics that attackers will use over email or through websites, and encourage them to report if their computers or phones have shown unusual behavior, such as unusual crashes or operating very slowly.

Director Easterly urged all organizations, regardless of size, to contact CISA immediately if they believe they may have been impacted by a cyber incident. When cyber incidents are reported quickly, CISA can use the information to render assistance and help prevent other organizations and entities from falling victim to a similar attack. All organizations should report incidents and anomalous activity to report@cisa.gov or call the 24/7 CISA Central Operations Center at (888) 282-0870.  

Today’s event built on a series of briefings that CISA has been convening since late 2021 with U.S. Government and private sector stakeholders at both classified and unclassified levels. This outreach was provided to Federal Civilian Executive Branch Agencies, Sector Risk Management Agencies, private sector partners, state, local, tribal, and territorial (SLTT) governments, and international partners. To date, CISA has hosted or participated in more than 90 engagements reaching tens of thousands of partners. 

–Source: CISA.gov


A D V E R T I S E M E N T

Octo

NSA certifies Raytheon encryption

C4ISRNet reports the National Security Agency (NSA) has certified Raytheon’s KG-350 Ethernet encryption system for networks.

The Type 1 certification allows the KG-350 to be used to secure networks handing information up to top secret/sensitive compartmented information (TS/SCI) classification. Certification allows Raytheon to sell the encryptor to commercial, military and government customers immediately.

The KG-350 operates at 100 Mbps, 1 Gbps and 10 Gbps speeds. It can be used on tactical vehicles as well as fixed sites.

Read more

– by Michael Peck

Privacy vs. Security – Tech Giants and Feds Weigh In

Amazon, Facebook, Google, Microsoft Back Apple in Court Fight Over Encryption

SAN FRANCISCO, CA – RE/Code reports some of Apple’s fiercest technology rivals have sided with the Cupertino company in its court fight over encryption.

apple-fbi
image courtesy Re/Code

A Who’s Who of the tech sector — 15 companies that include Amazon, Cisco, Facebook, Google and Microsoft — filed a court brief today, speaking out in one voice in a case they describe as of singular importance to the industry.

In the filing, the companies say they share the public’s outrage at the attack that took place in San Bernardino and feel no sympathy for terrorists. Indeed, they collectively respond to tens of thousands of government requests for data to assist in criminal investigations.

But the technology giants say they draw the line at the government’s request in the San Bernardino case, in which law enforcement seeks to “commandeer” Apple’s engineers to undermine the security features of its own products. The companies call on the federal judge to throw out the order that would require Apple to assist investigators in hacking the iPhone used in a recent attack.

Read more

Top photo: Navy Admiral Michael S. Rogers, director of the National Security Agency (NSA) and commander of U.S. Cyber Command, addresses RSA Security Conference in San Francisco, March 1. 2016. U.S. Navy video.
%d bloggers like this: