The Department of Homeland Security's (DHS) Cybersecurity and Infrastructure Security Agency (CISA) has issued a Shields Up advisory amid growing geopolitical tensions surrounding Russia and Ukraine. In addition to the recent tensions, CISA and the Federal Bureau of Investigation (FBI) have observed regular targeting of U.S. cleared defense contractors (CDCs) by Russian state-sponsored cyber actors from January 2020 to February 2022.
These impending threats, combined with Russia's track record of using effective tactics to destroy critical infrastructure, have put CISA on high alert to protect America's sensitive information. Let's dive into what the Shields Up advisory means for GSA Schedule contractors in the Defense Industrial Base (DIB), and what precautions can be taken to avoid harmful cyberattacks.
Russian state-sponsored cyber actors have historically used common tactics to gain access to networks with weak security, taking advantage of simple passwords, unpatched systems, and unsuspecting employees. Once they gain initial access, they can move laterally through the network to gather more critical data. The data they have managed to capture in the past provided significant insight into U.S. weapons platforms development, deployment timelines, vehicle specifications, and plans for communications infrastructure and technology.
Russian state-sponsored cyber actors have targeted both large and small U.S. cleared defense contractors (CDCs) and their subcontractors with varying levels of cybersecurity protocols. The targeted CDCs support contracts for the Department of Defense (DoD) and intelligence community in the following areas:
Due to the sensitive information widely available on unclassified CDC networks, CISA and the FBI anticipate Russian state-sponsored cyber actors will continue targeting CDCs for U.S. defense information.
Shields Up is essentially what the name indicates—putting your shield up to protect you from harm. In this case, it's not a tangible shield to protect from weapons, but several precautions combined to create a strong defense against cyberattacks. As part of a shift from being reactive to proactive, the Cybersecurity and Infrastructure Security Agency (CISA) has been working closely with the federal government's most critical infrastructure partners to spread awareness of potential threats.
CISA has established a catalog of free cybersecurity services and tools from government partners and the open source community to help government agencies and contractors get the help they need to protect their networks. CISA also recommends adopting a heightened cybersecurity posture, which we'll cover below.
CISA recommends that all organizations, regardless of their size, heighten their security posture. What can you do to accomplish this? CISA recommends the following:
Reduce the likelihood of a damaging cyber intrusion
Take steps to quickly detect a potential intrusion
Ensure your organization is prepared to respond if an intrusion happens
Maximize the organization’s resilience to a destructive cyber incident
The FBI, CISA, and the National Security Agency (NSA) have also created a list of three actions you can take to protect against malicious cyber activity from Russian state-sponsored actors.
1. Be prepared: Create, maintain, and exercise a cyber incident response plan, resilience plan, and continuity of operations plan. This will ensure critical functions and operations can be kept running if technology systems are disrupted or need to be taken offline.
2. Enhance your organization’s cyber posture: As mentioned above, follow best practices for identity and access management, protective controls and architecture, and vulnerability and configuration management.
3. Increase organizational vigilance: Make sure you stay updated on all threats. You can subscribe to CISA’s mailing list and feeds to receive notifications when CISA releases information about a security topic or threat.
While cybersecurity measures are incredibly important, they can be overwhelming, and you don't want to assume you know what you're doing, especially if your network protection is at stake. CISA's website has several resources, news, announcements, and insights into cybersecurity that can be very helpful for contractors. If you want to learn more about the basic cybersecurity measures all GSA contractors should be following, check out our blog on the "Top 5 Cybersecurity Requirements for Government Contractors." You can also learn about GSA-related cybersecurity programs in our blog "Cybersecurity Resources and Programs for GSA Contractors." If you have questions about keeping your GSA Schedule contract updated with all the cybersecurity measures or just routine compliance, we would be happy to help you.