Russia, Ukraine, and Your Cybersecurity

By Adam Bricker, Executive Director of the Carolina Cyber Center

Conflict questions loom large—when will Russia invade Ukraine? How will Europe respond, and how will the US react?

In the anxiety produced by the physical presence of Russian troops surrounding Ukraine, we can overlook the other forms of Russian aggression against Ukraine. A few days ago, Dark Reader contributor Jai Vijayan noted that ‘a Russia-based advanced persistent threat group’ has been ramping up malicious activity against Ukraine. Cisco Talos Intelligence group also noted that some of these types of attacks have had an additional undercurrent: sowing seeds of distrust. By spreading disinformation regarding who lies behind malicious threats to Ukrainian cybersecurity, both Poland and Ukraine have been strategically framed. “The intent is not to actually convince people that someone else was the source, but instead to introduce enough doubt that it is politically useful either now or in future operations” the article from Talos argues.[1]

Cybersecurity is in the middle of a new age of warfare. President Putin has in the past used “’hybrid warfare,’ a witches’ brew of non-uniformed soldiers (the so-called ‘little green men,’), high end special forces, sophisticated offensive cyber against command centers and the electric grid, social media disinformation, and amphibious operations’”[2] and has continued to do so in the current Ukrainian conflict. As with the NotPetya incident in 2017, cyberwarfare often can’t be contained by the physical sovereign state lines. Not only that, but the intentional undermining of trust and disinformation displayed in current attacks on Ukraine shows that purposely sowing discord elsewhere would not be without precedent. As a result of the threats in Ukraine, the Cybersecurity and Infrastructure Security Agency (CISA) warned in a statement that “every organization in the United States is at risk from cyber threats that can disrupt essential services and potentially result in impacts to public safety.”[3]

What does this mean for US business owners or cybersecurity professionals? Put simply, it means we must remember that we are not alone. Rural areas like much of Western North Carolina, are often unprotected from cyber warfare threats and assume that, since they are ‘small targets,’ large threats won’t find them. But the small targets are also the softest and can lead to a breakdown of security on a larger scale. Just think about the turmoil that would erupt if our water infrastructure were taken down. So, remember that we’re not alone in a negative sense, but also remember it positively. Even while malicious actors work to undermine trust and break down alliances, surround yourself with professionals of character. Be a professional of character, whether as a CEO or a pen tester. Professionals of character are the ones who resist taking shortcuts, who own up to data breaches, and who resist the temptation to misuse privileges and harm others. We’re not alone because we can surround ourselves with a community of professionals that care about our nation, our livelihoods, and in being trustworthy participants of society. Character is the first step in maintaining a secure cyberfuture, and it starts with us.

 

 

[1] Biasini, N., Chen, M., Karkins, A., Khodjibaev, A., Neal, C., Olney, M., & Korzhevin, D. (2022, February 4). Ukraine Campaign Delivers Defacement and Wipers, in Continued Escalation. Talos. Retrieved on 9 February 2022 from Cisco Talos Intelligence Group – Comprehensive Threat Intelligence: Ukraine Campaign Delivers Defacement and Wipers, in Continued Escalation
[2]Stavridis, J. (2022, January 10). A former supreme commander of NATO on what Putin’s up to in the Ukraine. Time. Retrieved on 9 February 2022 from What Is Putin’s Strategy in the Ukraine | Time
[3]Cisa. Implement cybersecurity measures now to protect against potential critical threats. Talos. Retrieved on 9 February 2022 from CISA Insights Implement Cybersecurity Measures Now to Protect Against Potential Critical Threats.

Contact Us

Get Started

No-risk, 30-day money-back guarantee. All instructional materials, labs, certification fees*, books, and range time are included.

*First attempt for certification included. The cost for additional certification attempts is the responsibility of the student.