
Think of the Russia-Ukraine conflict as a microcosm of the cyber war

Today’s columnist, Teddra Burgess of Tanium, says security teams should think of the Russia-Ukraine conflict as a microcosm of the cyber war. Burgess writes that a combination of more legislation with proper funding from the Biden administration and Congress, breaking down silos, and increased information sharing can help the nation mitigate cyber ...

The Russia-Ukraine war has caused global upheaval with more than 4,000 civilian deaths in the span of just three months and no end in sight. The ongoing strife continues to have economic repercussions around the world with fluctuating markets and rampant inflation on top of instability from the pandemic.

The effects of Russia’s invasion are undeniable, touching the daily lives of everyday consumers with higher prices and unstocked shelves that create various challenges for families. However, the most serious implication of this conflict is the growing possibility of expanded cyber warfare that could impact society with serious disruptions to both public services and the global economy. Cyber warfare has become a force multiplier, increasing the effectiveness of kinetic operations. There have already been indications of an acceleration of sophisticated cyberattacks. But what do the signs mean, and what can we do to prepare?

Cause for concern

Targeting critical infrastructure and disrupting the supply chain has become a common tactic in military action. State-sponsored cyberattacks take this approach into the digital realm by using malicious code to disrupt the flow of commerce or access to critical utilities. Russia previously launched successful high-profile attacks against Ukraine in 2015 that resulted in a massive blackout of cities across the country. In this instance, experts attributed the aggression to the “Sandworm” hacker group, known to be subordinate to Russian military intelligence.

The reemergence of the Conti ransomware group earlier this year, with attacks against institutions within the Costa Rican government, demonstrates that the tools and resources used prior to the Russia-Ukraine conflict are still very much in play and evolving. In addition, groups with suspected Russian ties such as REvil and Black Cat (ALPHV), which were previously believed to have disbanded, have shown signs of life with a recent spate of ransomware attacks. We’re going to see increased attacks by sympathizers without direct ties to the nation-states on whose behalf they act.

Some of this increase in activity stems from the reactivation of previously executed ransomware campaigns, in which perpetrators target their original victims and beyond. The ransomware attack against the ADA in April 2022 indicates that hackers are revictimizing previous targets with further threats of extortion. They are also using stolen information gained through the initial compromise to pursue the business connections of victims.

These most recent developments point to a concerning trend: given the escalation and atypical behavior displayed by established hacker groups, there is potentially a power struggle in play after Russia’s invasion of Ukraine. This might explain the change in extortion patterns, an attempt to accumulate larger amounts of ill-gotten gain. As a result, we can expect this activity to at the very least continue as we work to keep pace with the evolving attack surface.

Increased funding

Before Russia invaded Ukraine, the commitment by the United States government to thwart cyberattacks had already been gaining significant ground. This conflict reinforces the need to craft legislation, complete with the necessary funding, for a sustained focus against threats from global nation-state adversaries. While the situation in Ukraine has acted as a powerful catalyst to accelerate this reality, we’ve already seen a push for increased cyber funding in the U.S., with the Biden administration proposing $10.9 billion for civilian cybersecurity measures, an 11% increase over FY2022. A persistent issue remains: budgets are only impactful if intentions are aligned and, in the U.S., political agendas often interfere and hinder progress. To get something positive done, cybersecurity must function as a bipartisan affair, with our nation’s security the top priority above all else.

Additional support for the Cybersecurity and Infrastructure Security Agency (CISA) offers another major step in the right direction. The agency’s focus on cyber protection has already yielded new resources such as the Cyber Incident Reporting website, an excellent step for information gathering that all companies should use. Ideally, this reporting mechanism will become common practice for organizations to document and detail cyber incidents. While we expect initial growing pains, the potential benefits are critical to protecting our national infrastructure.

Sharing threat intel

It’s crucial to facilitate the streamlined, real-time exchange of public-private cyber threat intelligence when it comes to mitigating attacks, especially in times of global warfare. Unfortunately, there has been a historical hesitancy among government agencies and private entities to exchange information, but we must continue to do better. After the painful lessons learned in the wake of 9/11, we should make information-sharing one of our baseline priorities.

Gathering and disseminating comprehensive intelligence from a diversity of sources helps create a clearer “picture” of the threat landscape to strategize against. Real-time, decision-quality data will not only maintain the security of mission-critical applications and systems, but also provide the capacity for offensive measures, if necessary. This simple truth should encourage public-private partnerships that can flourish for the long term as threats continue to evolve.

Looking ahead

Think of the Russia-Ukraine war as a microcosm of the current state of cyber warfare. Both resurgent and new global campaigns demonstrate that advanced attacks are alive and well and gaining momentum in sophistication and tenacity. The conflict has also helped to bring clarity to our strengths and weaknesses as a country on the cyber front and the gaps we need to address. Both public and private entities remain far too reactive when it comes to security, and our blind spots are too numerous to count.

If we can only manage what we can see today, then we aren’t fully protected. The resurgence of criminal cyber groups highlights the need to break down silos – political or otherwise – and to enact more legislation, secure funding, and facilitate information-sharing to unify resources across the public and private sectors and bring more focus towards keeping our country safe.

Teddra Burgess, senior vice president, public sector, Tanium
