Cybersecurity and Infrastructure Security Agency Director Jen Easterly said the agency is "leaning forward" to inform critical infrastructure owners of ways they can protect their most important assets against possible cyber fallout from Russia's moves against Ukraine.
The Cybersecurity and Infrastructure Security Agency has published a new digital catalog dedicated to providing critical infrastructure owners and operators with free tools to combat cyber threats amid heightened tensions with Russia over the conflict in Ukraine.
The catalog is separated into sections designed to address various aspects of potential cyber threats, from "reducing the likelihood of a damaging cyber incident" and taking "steps to quickly detect a potential intrusion" to ensuring response preparedness and maximizing organizational resilience. Resources include popular antivirus programs and a host of CISA tools and services, including remote penetration tests and vulnerability scanning.
CISA Director Jen Easterly explained the reasoning for the new catalog when discussing recent Russian aggression against Ukraine at an event hosted by the Aspen Institute on Friday, saying: “We all recognize that threats to our digital infrastructure are, of course, not bound by national borders.”
“Our critical infrastructure is integrated into a larger global cyber ecosystem, which means that we all need to be ready, or as I like to say, 'shields up,'” Easterly added. “So given the rising tensions and the potential invasion of Ukraine by Russia, we've actually been leaning forward to inform our industry partners of potential threats.”
CISA said there were currently no known credible threats to the nation's critical infrastructure. However, the agency noted the possibility that Russia may "consider escalating its destabilizing actions in ways that may impact others outside of Ukraine," while recommending all organizations adopt a heightened cybersecurity posture to protect their most critical assets.
The new catalog also follows a recent advisory the agency released earlier this year, which pointed to a series of cyber incidents targeting public and private entities in Ukraine.
Both the new catalog and the previous guidance feature several steps all organizations can take to immediately begin improving their cyber posture, including implementing multi-factor authentication, patching known software vulnerabilities and enlisting in the agency's automated vulnerability scanning service.
CISA said its list of free tools and services will continue to mature with new offerings as it works with its partners to grow the catalog.