The Department of Homeland Security's (DHS) Cyber and Infrastructure Security Agency (CISA) has issued a Shields Up Advisory amid growing geopolitical tensions surrounding Russia and Ukraine. In addition to the recent tensions, CISA and the Federal Bureau of Investigation (FBI) have observed regular targeting of U.S. cleared defense contractors (CDCs) by Russian-state sponsored cyber actors from January 2020 to February 2022.
These impending threats combined with a Russian track record to use effective tactics to destroy critical infrastructure, has put CISA on high alert to protect America’s sensitive information. Let’s dive into what Shields Up advisory means to GSA Schedule contractors in the Defense Industrial Base (DIB), and what precautions can be taken to avoid harmful cyberattacks.
What Threats Face the Federal Government and DIB Contractors?
Russian-state sponsored cyber actors have historically used common tactics to gain access to networks with weak security, taking advantage of simple passwords, unpatched systems, and unsuspected employees. Once they gain initial access, they can move laterally through the network to gather more critical data. The data they have managed to capture in the past provided significant insight into U.S. weapons platforms development, deployment timelines, vehicle specifications, and plans for communications infrastructure and technology.
Russian-state sponsored cyber actors have targeted both large and small U.S. cleared defense contractors (CDCs) and their subcontractors with varying levels of cybersecurity protocols. The targeted CDCs support contracts for the Department of Defense (DoD) and intelligence community in the following areas:
- Command, control, communications, and combat systems
- Intelligence, surveillance, reconnaissance, and targeting
- Weapons and missile development
- Vehicle and aircraft design
- Software development, data analytics, computers, and logistics
Due to the sensitive information widely available on unclassified CDC networks, CISA and the FBI anticipate Russian state-sponsored cyber actors will continue targeting CDCs for U.S. defense information.
What is CISA’s Shields Up Advisory?
Shields Up is essentially what the name indicates—putting your shield up to protect you from harm. In this case, it’s not a tangible shield to protect from weapons, but several precautions combined to create a strong defense against cyberattacks. As part of a shift from being reactive to proactive, the Cyber and Infrastructure Security Agency (CISA) has been working closely with the federal government’s most critical infrastructure partners to spread awareness of potential threats.
CISA has established a catalog of free cybersecurity services and tools from government partners and the open source community to help government agencies and contractors get the help they need to protect their networks. CISA also recommends adopting a heightened cybersecurity posture which we’ll cover below.
Adopting a Heightened Cybersecurity Posture
CISA recommends all organizations regardless of their size should heighten their security posture. What can you do to accomplish this? CISA recommends the following ways:
Reduce likelihood of a damaging cyber intrusion
- Ensure software is updated.
- Validate that all remote access to the organization’s network requires multi-factor authentication.
- Confirm that IT personnel have disabled all ports and protocols not essential for business.
- If using cloud services, review and implement strong controls outlined in CISA's guidance.
- Sign-up for CISA's free cyber hygiene services.
Take steps to quickly detect a potential intrusion
- Ensure that IT personnel are equipped to identify and quickly assess any unexpected or unusual network behavior.
- Confirm the entire organization’s network is protected by antivirus/antimalware software.
- If working with Ukrainian organizations, take extra care to monitor, inspect, and isolate traffic from those organizations.
Ensure your organization is prepared to respond if an intrusion happens
- Create a crisis response tea with main Points of Contact (POCs) for a suspected cybersecurity incident.
- Assure availability of key personnel and their means to respond to an incident.
- Conduct an exercise so all participants know their roles during an incident.
Maximize the organization’s resilience to a destructive cyber incident
- Test backup procedures to make sure that critical data can be rapidly restored if your organization is impacted.
- If using industrial control systems or operational technology, conduct a test of manual controls to ensure critical functions remain operable if the network becomes unavailable.
Further Actions to Protect Against Russian-State Sponsored Activity
The FBI, CISA, and the National Security Agency (NSA) have also created a list of 3 actions you can take to protect against malicious cyber activity from Russian-state sponsored actors.
1. Be prepared: Create, maintain, and exercise a cyber incident response plan, resilience plan, and continuity of operations plan. This will ensure critical functions and operations can be kept running if technology systems are disrupted or need to be taken offline.
2. Enhance your organization’s cyber posture: As mentioned above, follow best practices for identity and access management, protective controls and architecture, and vulnerability and configuration management.
3. Increase organizational vigilance: Make sure you stay updated on all threats. You can subscribe to CISA’s mailing list and feeds to receive notifications when CISA releases information about a security topic or threat.
More Cybersecurity Resources for GSA Contractors
While cybersecurity measures are incredibly important, they can be overwhelming, and you don’t want to assume you know what you’re doing especially if your network protection is at stake. CISA’s website has several resources, news, announcements, and insights into cybersecurity that can be very helpful for contractors. If you want to learn more about the basic cybersecurity measures all GSA contractors should be following, check out our blog on the “Top 5 Cybersecurity Requirements for Government Contractors.” You can also learn about GSA-related cybersecurity programs in our blog “Cybersecurity Resources and Programs for GSA Contractors.” If you have questions about keeping your GSA Schedule contract updated with all the cybersecurity measures or just routine compliance, we would be happy to help you.
