Together, the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and United States Department of Energy (DOE) recently warned that action is needed to counter the ongoing threat of state-sponsored Russian cyber operations to the U.S. energy sector and other critical infrastructure.
Their report laid out details of multiple intrusion campaigns that hit both U.S. and international energy sector organizations between 2011 and 2018 and contended that attacks from indicted Russian state-sponsored hackers have not ceased. Information on the attacks was provided in conjunction with the U.S. Department of Justice unsealing indictments on four Russian government employees for campaigns targeting software and hardware for operational technology systems.
“In light of the indictments announced today and evolving intelligence that the Russian Government is exploring options to conduct potential cyberattacks against the U.S., CISA, along with our FBI and DOE partners, is issuing this joint advisory to reinforce the demonstrated threat posed by Russian state-sponsored cyber actors,” CISA Director Jen Easterly said. “While the intrusions highlighted in this advisory span an earlier period of time, the associated tactics, techniques, procedures, and mitigation steps are still highly relevant in the current threat environment. We urge all organizations, large and small, to carefully review this advisory, as well as visit www.cisa.gov/shields-up for regularly updated information on steps you can take to protect yourself and your business.”
In their advisory, the federal agencies pointed to three actions private industries and their networks could take to mitigate the perceived cyber threats:
- Implement strong network segmentation between IT and industrial control systems (ICS) networks
- Demand multifactor authentication for system access
- Manage the creation, modification, use of, and permissions for privileged accounts
The energy industry has already taken some action.
According to the Edison Electric Institute (EEI), which represents all U.S. investor-owned electric companies, member companies invested more than $25 billion last year alone for advancements in adaptation, hardening, and resiliency initiatives to strengthen U.S. transmission and distribution infrastructure. They also work with the federal government through the Electricity Subsector Coordinating Council (ESCC) and conduct regular exercises to prepare for emergency situations.
Yet the fact that the federal agencies’ advisory showcased technical details of a global energy sector intrusion campaign that used Havex malware, as well as the compromise of a Middle East-based energy sector organization with TRITON malware, showed that threats would take many forms and require constant preparation and adaptation.
“The Department of Justice’s actions today demonstrate the U.S. government’s commitment to hold malicious cyber actors accountable for their actions,” Puesh Kumar, DOE’s Office of Cybersecurity, Energy Security, and Emergency Response (CESER) director, said. “DOE takes threats to the U.S. energy sector seriously and urges industry partners to remain vigilant in light of Russia’s invasion of Ukraine. DOE values the partnership with owners and operators, States, CISA, and the FBI to jointly tackle threats to critical infrastructure in the United States.”
Worries among federal agencies, and Congress, continue to grow that Russia will respond to U.S. support for Ukraine and repudiation of Russian efforts to invade the Eastern European nation with cyberattacks against U.S. targets. With that in mind, CISA also urged targets of cyberattacks to report them quickly, stating that the sooner such knowledge is made available, the quicker action can be taken to halt further attacks.