CISA
Critical infrastructure
News

CISA notifies critical infrastructure sector of MDM, influence operations risks

February 21, 2022
CISA notifies critical infrastructure sector of MDM, influence operations risks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) provided critical infrastructure owners and operators with a threat overview of malicious hackers using influence operations, including tactics such as misinformation, disinformation, and malinformation (MDM), to shape public opinion, undermine trust, amplify division, and sow discord.

The move comes in the wake of the current Russia-Ukraine geopolitical tensions. As a result, there has been an increased risk that foreign influence operations could target critical infrastructure entities with MDM narratives to undermine U.S. interests.

Organizations can take steps internally and externally to ensure swift coordination in information sharing and the ability to communicate accurately and trusted information to bolster resilience, the U.S. security agency said in its latest ‘CISA Insights’ document. “Foreign actors engage in these actions to bias the development of policy and undermine the security of the U.S. and our allies, disrupt markets, and foment unrest. While influence operations have historical precedent, the evolution of technology, communications, and networked systems have created new vectors for exploitation,” CISA added.

A single MDM narrative can seem innocuous, but when promoted consistently to targeted audiences and reinforced by peers and individuals with influence, it can have compounding effects, CISA said. Modern foreign influence operations demonstrate how strategic and consistent exploitation of divisive issues and knowledge of the target audience and who they trust can increase the potency and impact of an MDM narrative to national critical functions (NCFs) and critical infrastructure, the agency added.

CISA also said that “current social factors—including heightened polarization and the ongoing global pandemic—increase the risk and potency of influence operations to U.S. critical infrastructure.” 

In recent years, foreign hackers have used influence operations to influence U.S. audiences and impact critical functions and services across multiple sectors, according to CISA. Foreign influence operations have been paired with cyber activity to derive content, create confusion, heighten anxieties, and distract from other events. 

In light of developing Russia-Ukraine geopolitical tensions, the risk of foreign influence operations affecting domestic audiences has increased, CISA said. Recently observed foreign influence operations abroad demonstrate that foreign governments and related hackers can employ sophisticated influence techniques to target U.S. audiences to disrupt U.S. critical infrastructure and undermine U.S. interests and authorities, it added. 

CISA called upon critical infrastructure asset owners and operators to assess the information environment, identify potential vulnerabilities that could be exploited by MDM, fortify communication channels by preparing communication channels, and establish contacts before MDM incidents occur, thereby allowing quick response and information sharing. 

Malicious actors can use hacking and other cyber activities as part of influence operations, CISA said. Hackers assist in surveillance or reconnaissance and provide opportunities for destructive attacks. Hijacking accounts and defacing public-facing sites can be used to influence public opinion. Organizations should be aware of cyber risks and take action to reduce the likelihood and impact of a potentially damaging compromise.

Organizations were also encouraged to ​​engage in proactive communication “using clear, consistent, and relevant communications that not only responds, but anticipates MDM is an important, effective way to maintain security and build public confidence.” They were also advised to develop an incident response plan, including designating an individual to oversee the MDM incident response process and associated crisis communications, the agency added.

The CISA also shared resources to help critical infrastructure organizations improve their security posture using its ‘Free Cybersecurity Services and Tools’ webpage. Targeted at organizations of all sizes to find free public and private sector resources to reduce their cybersecurity risk, the catalog published Friday “is a starting point. Going forward, CISA will incorporate other free services into the catalog,” the agency said.

The initial list includes services and tools from CISA, open-source community, and private and public sector organizations across the cybersecurity community, including Joint Cyber Defense Collaborative (JCDC) partners. 

“CISA is super proud to announce the start of a new catalog of free resources available to those critical infrastructure owners and operators who would benefit from tools to help their security and resilience,” Jen Easterly, CISA director, said. “Many organizations, both public and private, are target-rich and resource-poor. The resources on this list will help such organizations improve their security posture, which is particularly critical in the current heightened threat environment. This initial catalog will grow and mature as we include additional free tools from other partners,” she added.

CISA issued last week a ‘Shields Up’ alert that notifies every organization in the country of potential risk from cyber threats that can disrupt essential services and potentially impact public safety. The warning was preceded by a National Terrorism Advisory System (NTAS) Bulletin issued by the U.S. Department of Homeland Security (DHS) concerning the continued heightened threat environment across the country. 

Anna Ribeiro
Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT.

A complimentary guide to the who`s who in industrial cybersecurity tech & solutions

Free Download

Related

Dragos reports decline in ransomware attacks on industrial sector amid law enforcement measures
Dragos reports decline in ransomware attacks on industrial sector amid law enforcement measures
MITRE's CREF Navigator aligns with DoD's CMMC to boost cyber resilience in defense industrial base
MITRE’s CREF Navigator aligns with DoD’s CMMC to boost cyber resilience in defense industrial base
UK’s NCSC debuts CAF v3.2 to address rising threats to critical national infrastructure, boosts cybersecurity readiness
UK’s NCSC debuts CAF v3.2 to address rising threats to critical national infrastructure, boosts cybersecurity readiness
Cisco Talos details ArcaneDoor campaign found targeting perimeter network devices across critical infrastructure
Cisco Talos details ArcaneDoor campaign found targeting perimeter network devices across critical infrastructure
Forescout report warns of growing security risks to critical infrastructure as OT/ICS exposed data escalates
Forescout report warns of growing security risks to critical infrastructure as OT/ICS exposed data escalates
ASIS Foundation reports on impact of autonomous vehicles on security and technology
ASIS Foundation reports on impact of autonomous vehicles on security and technology
European Commission makes €112 million investment in AI, quantum research under Horizon Europe program
European Commission makes €112 million investment in AI, quantum research under Horizon Europe program
MITRE unveils ATT&CK v15 with upgraded detections, analytic format, cross-domain adversary insights
MITRE unveils ATT&CK v15 with upgraded detections, analytic format, cross-domain adversary insights
RMC
Risk Mitigation Consulting acquires Securicon, boosting cybersecurity and mission assurance offerings
Hackers target Tipton Municipal Utilities wastewater treatment plant, prompting federal investigation
Hackers target Tipton Municipal Utilities wastewater treatment plant, prompting federal investigation