CISA Urges Critical Infrastructure to Prepare For Holiday Cyber Threats

December 23, 2021 - In a recent brief, the Cybersecurity & Infrastructure Security Agency (CISA) strongly urged critical infrastructure leaders to take steps to prepare for holiday cyber threats as the end of the year approaches. Threat actors are known to target critical infrastructure entities during the holidays when employees and leaders may be preoccupied.

“In the lead up to the holidays and in light of persistent and ongoing cyber threats, CISA urges critical infrastructure owners and operators to take immediate steps to strengthen their computer network defenses against potential malicious cyberattacks,” CISA stated.

“Sophisticated threat actors, including nation-states and their proxies, have demonstrated capabilities to compromise networks and develop long-term persistence mechanisms. These actors have also demonstrated capability to leverage this access for targeted operations against critical infrastructure with potential to disrupt National Critical Functions.”

CISA outlined some key actions that critical infrastructure leaders should take immediately to achieve operational resiliency, improve network defenses, and safeguard their organizations from cyber threats over the holidays.

Leaders should aim to increase organizational vigilance by closing gaps in IT and OT security personnel coverage to ensure that the staff can provide continuous monitoring. Security coverage during this season is crucial since many organizations may have lower staffing during the winter holidays.

In addition, CISA recommended that leaders prepare their organization for rapid response by “adopting a state of heightened awareness.”

“Create, update, or review your cyber incident response procedures and ensure your personnel are familiar with the key steps they need to take during and following an incident. Have staff check reporting processes and exercise continuity of operations plans to test your ability to operate key functions in an IT-constrained or otherwise degraded environment,” CISA advised.

Leaders should also consider their organization’s cross-sector dependencies and the implications that a security incident could have on other sectors. Creating a cyber incident response plan is crucial when it comes to reacting, responding, and recovering from a security incident.

Organizations must make sure to stay informed about current malicious cybersecurity threats and encourage IT and OT staff to do the same.

Currently, a severe vulnerability associated with Apache Log4j, a common Java framework, is wreaking havoc across the healthcare sector and other industries. If exploited, threat actors could executive arbitrary code and orchestrate a large-scale cyberattack, resulting in data exfiltration and ransomware deployment.

Although there is a patch available, organizations will need to work quickly to implement it and to ensure that legacy systems are also secure.

Critical infrastructure entities should also make sure to report cybersecurity incidents to CISA, the FBI, and other relevant agencies. Additionally, it is crucial to ensure that all employees have received cybersecurity training and that network defenders have implemented cybersecurity best practices.

Implementing multi-factor authentication, patching regularly, installing software updates, prioritizing known vulnerabilities, and securing credentials are key steps in ensuring security across the organization.