The President has just announced he has indications that the Russians are targeting our national infrastructure for a possible cyberattack, saying all companies should prepare and raise defenses asap.
This is an important announcement that should be taken seriously by all companies in every sector of the economy and by individuals as well. It is also the first time in history that a President has announced specific indications of a potential cyber attack from an adversary nation. This is absolutely worth paying attention to and worth thinking through your actions in response.
Here is more context:
To help contextualize recommendations to be as actionable as possible, the following is broken down by organization size:
Almost all large businesses and large government agencies will already have a security program, but if there are any questions about what this should look like, reach out to experts immediately to improve your program (contact OODA here). It can be very hard to make fast changes to a large organization, but starting an improvement plan now is better than waiting until you are under siege.
We recommend large businesses and large federal agencies convene their leadership team immediately to discuss worst-case scenarios regarding infrastructure attack and response, to include quick table-top exercises to ensure the entire leadership team is aware of what the threat may mean for continued business operations. The IT and security team should be questioned regarding backup and recovery capabilities, including the last time that recovery was tested. The IT and security teams should also ensure core business communications links are redundant so operations can continue during outages of primary links. Secure out-of-band communications should also be put in place, including means for the executive team to communicate directly with each other with security (using apps such as Wickr Pro).
This is also a good time to reconfirm appropriate relationships with external partners, including the appropriate ISAC for your business sector. Contact the ISAC now and start a dialog on the nature of the Russian cyber threat to your sector. The US DHS security team at CISA has been providing exceptional cybersecurity leadership on topics like countering ransomware and patching big vulnerabilities like Log4j, and during a conflict with Russia it will no doubt be providing key info to business leaders. One particularly relevant initiative of CISA, which we believe will prove instrumental in improving collaboration in time of crisis, is the Joint Cyber Defense Collaborative (JCDC).
Continue to push towards a zero trust architecture and continue to train employees on the importance of security.
The White House release is focused on cyber attacks. Also consider what to do in the face of misinformation/disinformation attacks. Large businesses and governments should put plans in place to inform employees, customers and partners of what to do in the face of misinformation and disinformation attacks. Employees should know who to contact inside the organization to confirm questionable information. Leadership should be prepared to rapidly communicate to the public, employees and partners to counter intentionally deceptive information.
It is an unfortunate reality that most small to mid-sized businesses and most state and local governments have very thinly manned security teams. Leaders in these organizations should understand it is incumbent on them to ensure the business can continue when under cyber attack. Fortunately, there are best practices that can be followed to help prioritize actions (see OODA’s Cybersecurity Sensemaking Page and Best Practices for Agile Cyber Defense). The US DHS security team at CISA also has insights and advice relevant for mid-sized businesses and state and local governments. We most strongly recommend all small to mid-sized organizations, including governments, review the specific, actionable advice of the Global Cyber Alliance.
Key items to check into immediately include:
Your home and personal IT can be used as a launching pad for Russian attacks against others so it is critically important to take personal responsibility to defend your part of cyberspace. One thing all who are more technically savvy can do is to help others protect themselves. We strongly recommend reaching out to friends, family and small business partners to help others understand and execute on:
It should go without saying that tracking threats is critical to informing your actions. This includes reading our OODA Daily Pulse, which will give you insights into the nature of the threat and risks to business operations.