Critical infrastructure
News
Risk & Compliance
Threat Landscape

Lawmakers request information from Department of Homeland Security on efforts to protect from Russian cyberattacks

March 15, 2022
Lawmakers request information from Department of Homeland Security on efforts to protect from Russian cyberattacks

The U.S. Department of Homeland Security (DHS) received a letter from a bipartisan group of 22 senators requesting a briefing on the department’s efforts to protect the nation’s public and private sector enterprises from the Russian government’s cyber and disinformation threats

The senators request for information on efforts to protect critical infrastructure and businesses from retaliatory Russian cyberattacks came after the U.S. announced trade and energy penalties on Russia and approved US$14 billion in aid for Ukraine. 

“The Russian government often engages in malicious cyber activities, including espionage, intellectual property theft, disinformation, propaganda, and cyberattacks, that target the United States,” the senators wrote in the letter, addressed to Alejandro Mayorkas, secretary of Homeland Security, over the weekend. “In response, the United States government has imposed sanctions on Russian security personnel and agents for various cyberattacks, including the SolarWinds cyber espionage campaign, and for acts of disinformation and interference, including Russian government-directed attempts to influence U.S. elections.”

The signatories of the letter include senators Jacky Rosen, M. Michael Rounds, Angus S. King, Jr., Richard Blumenthal, Sherrod Brown, Jeanne Shaheen, Shelley Moore Capito, Catherine Cortez Masto, Robert P. Casey Jr., Susan M. Collins, Dianne Feinstein, Joe Manchin III, Cory A. Booker, Raphael G. Warnock, John Hickenlooper, Chris Van Hollen, Alex Padilla, Mike Braun, Tammy Duckworth, Mark Kelly, Michael F. Bennet, and Kirsten Gillibrand.

A copy of the letter has also been shared with Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency (CISA), John Christopher Inglis, National Cyber Director, and Anne Neuberger, deputy national security advisor for cyber and emerging technology.

The lawmakers commended the CISA for creating the Shields Up Technical Guidance webpage to help organizations prepare for, respond to, and mitigate the impact of cyberattacks in the context of Russia’s invasion of Ukraine. 

Given the evolving threat landscape regarding potential cyberattacks and disinformation activities by Russia, the senators have sought a briefing with the Department of Homeland Security and sought responses to various issues, including what is the CISA itself doing to monitor and proactively defend against Russian state-sponsored cyber threats, and is there a strategy in place should U.S. critical infrastructure be targeted. 

The senators also asked the Homeland Security secretary if there were any specific U.S. entities or sectors that are targets, and if so, how is CISA proactively identifying and providing technical support to critical infrastructure owners and operators that are most at risk. In addition, the lawmakers asked Mayorkas for details on how the Shields Up Technical Guidance was disseminated to critical infrastructure owners and operators. Specifically, how is guidance being shared with smaller entities that do not have CIOs or CISOs and entities that are not members of the Joint Cyber Defense Collaborative, the letter added.

Moving on to the issue of disinformation, the senators asked the Homeland Security secretary how is the department defending against Russian disinformation efforts, and how has the disinformation threat level to the United States homeland changed since Russia’s invasion of Ukraine, and what is the Department doing to mitigate that threat. The senators also looked into how CISA coordinated with international partners to advance operational coordination and build partner capacity, including for NATO allies and Ukraine.

The senators’ letter came as the Anonymous hacker group attacked the systems of the German subsidiary of Russian energy giant Rosneft and stole 20TB of data. The breach has not affected Rosneft’s business or the supply situation, though the company’s systems have been affected.

“The problem is that critical environments do not fail gracefully and there is no option of reverting to pen and paper,” Toby Lewis, head of threat analysis at cybersecurity AI company Darktrace, wrote in an emailed statement. “The urgent challenge for defenders of Critical National Infrastructure globally is to be able to interrupt attacks once they get inside, before normal business operations are disrupted and before widespread shutdowns,” he added.

Anna Ribeiro
Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT.

A complimentary guide to the who`s who in industrial cybersecurity tech & solutions

Free Download

Related

Securing cloud, IIoT in Industry 4.0 emerges crucial for protecting industrial operations across OT/ICS environments
Securing cloud, IIoT in Industry 4.0 emerges crucial for protecting industrial operations across OT/ICS environments
Through the Lens of a Case Study: What It Takes to Be a Cyber-Physical Risk Analyst
Through the Lens of a Case Study: What It Takes to Be a Cyber-Physical Risk Analyst
Dragos reports decline in ransomware attacks on industrial sector amid law enforcement measures
Dragos reports decline in ransomware attacks on industrial sector amid law enforcement measures
MITRE's CREF Navigator aligns with DoD's CMMC to boost cyber resilience in defense industrial base
MITRE’s CREF Navigator aligns with DoD’s CMMC to boost cyber resilience in defense industrial base
UK’s NCSC debuts CAF v3.2 to address rising threats to critical national infrastructure, boosts cybersecurity readiness
UK’s NCSC debuts CAF v3.2 to address rising threats to critical national infrastructure, boosts cybersecurity readiness
Cisco Talos details ArcaneDoor campaign found targeting perimeter network devices across critical infrastructure
Cisco Talos details ArcaneDoor campaign found targeting perimeter network devices across critical infrastructure
Forescout report warns of growing security risks to critical infrastructure as OT/ICS exposed data escalates
Forescout report warns of growing security risks to critical infrastructure as OT/ICS exposed data escalates
ASIS Foundation reports on impact of autonomous vehicles on security and technology
ASIS Foundation reports on impact of autonomous vehicles on security and technology
European Commission makes €112 million investment in AI, quantum research under Horizon Europe program
European Commission makes €112 million investment in AI, quantum research under Horizon Europe program
MITRE unveils ATT&CK v15 with upgraded detections, analytic format, cross-domain adversary insights
MITRE unveils ATT&CK v15 with upgraded detections, analytic format, cross-domain adversary insights