After over a month of conflict following Russia’s invasion of Ukraine, Russia’s efforts persist as great power competition grows. The age of interconnectivity and high-speed communication presents large targets of opportunity for Russia to strike back at western countries following historic economic sanctions in response to Russia’s actions.
On March 21, 2022, U.S. President Joe Biden addressed the nation in a statement from the White House, issuing a warning about the growing threat of malicious cyber-attacks from Russia against the United States. According to the president’s statement, “evolving intelligence indicates the Russian Government is exploring options for potential cyber-attacks,” and while the United States Government will do everything in its power to “deter, disrupt, and if necessary, respond” to cyber aggression, the nation must band together in a collective cyber defense. According to Jen Easterly, director of the Cybersecurity and Infrastructure Agency (CISA), “every sector must be considered a target,” but experts agree that, with such an immense range of targets, Russia’s primary focus will settle on critical infrastructure.
CISA, under the Department of Homeland Security (DHS), identifies sixteen sectors of the economy as critical including energy, water, information technology, government, finance, and health among others. Since much of the critical infrastructure is owned and operated by the private sector, our national defense relies heavily on public and private partnerships. Private sector organizations are being urged to accelerate their digital security posture and resiliency.
At Ankura, two of our key values are doing the right thing and leveraging the collective. Our goal since the beginning of the Russia-Ukraine crisis has been to deliver timely and accurate resources to ensure we are contributing to cybersecurity initiatives for those under threat of cyberattack. In this security update, we aim to highlight SCADA, the most common vulnerability across critical infrastructure, aggregate public resources, and highlight collaborative cybersecurity initiatives to increase cyber posture for large organizations down to the individual.
Supervisory Control and Data Acquisition (SCADA) Systems
SCADA networks are interconnected systems of computers and applications incorporated into essential services systems, such as water and power, which facilitate the function of complex delivery systems and services. Originally, these systems were designed to facilitate maximum functionality and incorporated little security. In 2015, Russia demonstrated the vulnerability of SCADA systems and the significant impacts of its offensive cyber capabilities when the state-attributed threat actor, Sandworm, shut down Ukraine’s power grid in Kyiv. The threat actors gained remote access to three control centers of Ukraine’s major electric distribution companies and took over SCADA systems, which ultimately led to opening breakers in vital systems, overloading the power grid. Even prior to the 2015 Ukraine power grid cyber-attacks, many countries had led initiatives to enhance the security of SCADA systems. Since the 2015 cyber-attacks, continuous security efforts have been implemented to refine security surrounding key infrastructure, including contingency planning, disaster recovery, manual overrides, and cyber controls for SCADA networks. Since SCADA networks are integral components of many of the sixteen (16) critical infrastructure sectors, the security of these systems must be prioritized.
Call to Action for Cooperative Cybersecurity
In response to the significantly increased cyber threat, CISA has launched the Shields Up Initiative, which aggregates cyber resources from sources ranging from government agencies such as the FBI to leading private sector organizations like Microsoft. Everyone can access the essential resources and information to begin to understand the vital role each person plays in cybersecurity. Additionally, the White House published a fact sheet to address key areas of focus to enhance cybersecurity. Significantly, in March 2022, the NSA published a 58-page cybersecurity network infrastructure guide with one highlight focusing on improving network perimeter security. Private tech companies are exploring advanced technologies to aggregate and automate several of the key network security functions, leveraging encryption and advanced analytics to deliver cutting-edge network security. There are a number of revolutionary network security solutions available on the market that offer organizations the opportunity to consolidate their security tools, potentially saving costs while also optimizing security.
Ankura cyber professionals routinely advise and assist clients with the utilization of unique defense-in-depth capabilities while working to achieve no network latency. These methodologies and technologies are vital to SCADA and Industrial Control Systems (ICS).
We have collected a list of the key sites discussed in this document below for ease of navigation. Ankura’s team of cyber experts comes from a multitude of backgrounds in the public and private sector and stands ready to work with clients to understand their unique needs and provide recommended options for solutions. Our team looks forward to supporting you and your organization with your cybersecurity journey. Ankura continues to Protect, Create, and Recover value for our clients.
- CISA Shields Up
- CISA FBI Official Alerts
- White House Cyber Fact Sheet
- See where your organization is within Critical Infrastructure
The authors would like to thank Vince Stewart for his contribution to this article. Vince was a frequent supporter and advocate for military veterans and their families. Please read more here from the Director of National Intelligence https://www.dni.gov/index.php/newsroom/press-releases/press-releases-2023/item/2378-dni-haines-statement-on-the-passing-of-former-director-of-the-defense-intelligence-agency-lieutenant-general-vincent-stewart.
E-ISAC, SANS ICS. “Analysis of the Cyber Attack on the Ukrainian Power Grid.” March 18, 2016, p. 4. http://www.nerc.com/pa/CI/ESISAC/Documents/E-ISAC_SANS_Ukraine_DUC_18Mar2016.pdf
NSA. “Cybersecurity Technical Report: Network Infrastructure Security Guidance.” March 2022, PP-22-0266, Version 1.0. https://media.defense.gov/2022/Mar/01/2002947139/-1/1/0/CTR_NSA_NETWORK_INFRASTRUCTURE_SECURITY_GUIDANCE_20220301.PDF
https://equatorcorporation.com/technology/ ; https://www.comptia.org/content/guides/network-security-basics-definition-threats-and-solutions ; https://www.cisa.gov/free-cybersecurity-services-and-tools ; https://www.cisecurity.org/insights/spotlight/cybersecurity-spotlight-defense-in-depth-did#:~:text=Defense%20in%20Depth%20(DiD)%20refers,network%20and%20the%20data%20within.
© Copyright 2022. The views expressed herein are those of the author(s) and not necessarily the views of Ankura Consulting Group, LLC., its management, its subsidiaries, its affiliates, or its other professionals. Ankura is not a law firm and cannot provide legal advice.