The White House, FBI, and CISA are ramping up their respective messaging around what they’re calling preparatory activity by Russia against U.S.-based critical infrastructure sectors. So-called lifeline sectors—identified by CISA as communications, transportation, water, energy, and financial services—have been warned by the government that reconnaissance efforts by Russia, including vulnerability and network scanning, have intensified. These could be precursors to potentially disruptive and damaging attacks, CISA said during a three-hour call with critical infrastructure owners and operators yesterday, available below.
CBS News, meanwhile, reported Tuesday that five U.S. energy companies were the focus of much of this activity, and that the FBI has communicated to 23 companies that it has traced network scanning to 140 Russia-linked IP addresses.
Electricity providers in Ukraine have been compromised and disrupted twice before by Russia, causing interruptions to power distribution in the country. The U.S. government has asked providers here—many of which are privately owned—to increase their vigilance around network monitoring and information sharing. Providers should have a low threshold for reporting incidents, CISA Director Jen Easterly said. Even mundane scanning should be reported, she said, in order for CISA and the FBI to connect similar activity from other sources that might indicate a larger campaign.
“Every business and entity should consider themselves at risk,” Easterly said, adding that financial services organizations are also high-priority targets for Russia in the wake of extensive economic sanctions imposed against Russia by the U.S. and its allies.
Have a Low Threshold for Information Sharing
CISA’s Shields Up program, initiated shortly after Russia’s Feb. 24 invasion of Ukraine, contains a catalog of freely available resources and tools that organizations may leverage, in particular the smaller, less-resourced utilities that make up the bulk of providers nationwide.
A joint CISA, NSA, and FBI advisory released in January outlines in depth the tactics, techniques, and procedures associated with a number of Russian state actors. That advisory should be the centerpiece of your intelligence as you monitor internal networks in the coming days and weeks for suspected malicious activity.