- Critical infrastructure experts urged federal authorities to continue providing actionable intelligence at a time when the U.S. is under a heightened threat of cyberattack following the Russian invasion of Ukraine, in testimony before the House Homeland Security Committee.
- Russian threat activity against the U.S. has so far been modest, Adam Meyers, senior vice president of intelligence at CrowdStrike, told committee members. But the activity level could change at any time. Critical infrastructure providers must do a better job of using modern tools, proactive threat hunting and zero-trust architecture to mitigate threats, rather than relying on policy initiatives alone.
- Executives also warned that small, regional organizations — such as local banks, utilities and providers of critical infrastructure — do not have enough resources, personnel or sophisticated technology to protect against stealth threats from Russia or other nations.
With the Russian war in Ukraine in its sixth week, cybersecurity experts urged the House Homeland Security Committee to encourage faster and more specific threat intelligence sharing to help U.S. critical infrastructure providers prepare for potential threats.
CISA, the FBI and other federal agencies have warned for weeks about possible direct attacks against U.S. or NATO-based critical infrastructure providers as part of a strategy to limit western assistance for Ukraine, as well as retaliation for economic sanctions imposed on Russia.
CISA and the Environmental Protection Agency have conducted multiple threat briefings since December, with that information disseminated to about 58,000 water systems covering about 300 million consumers.
The water and wastewater treatment industry has been one of the key critical infrastructure providers under threat since last year, when federal officials warned of ransomware operators targeting drinking water and wastewater treatment facilities. An attempt was also made in early 2021 to poison a water treatment facility in Oldsmar, Florida.
Steven Silberstein, CEO of the Financial Services Information Sharing and Analysis shared intelligence Center, testified that CISA and the Treasury Department have shared intelligence and opened up emergency communications with the financial industry since before the winter holidays and have received classified and unclassified briefings.
The financial industry has not seen an increase in cyber threat activity linked to Russia, Silberstein said. However, some public officials and industry executives have expressed concerns in recent weeks about retaliatory activity against the sector following sanctions against Russia.