CISA Shields Up: How to Respond

More than 30 countries now work together in a special cybersecurity initiative. It addresses this time of unrest.

The White House has issued many warnings about possible malicious cyber activity originating from Russia.

The government believes the nation may respond to economic sanctions. They levied these sanctions due to Russia’s current military activity. Recently, intelligence has emerged showing Russia could be exploring options for cyber attacks.

Keep reading to learn more about how to respond to the CISA Shields Up initiative.

The Launch of Shields Up

Since the start of the Biden-Harris administration, the government has issued warnings. It compelled organizations to beef up their security.

Now, the president has issued an executive order to modernize federal government defenses. He also calls for the improvement of cybersecurity.

As a result, our leadership has launched public-private action plans. The goal of the plans is to shore up security in the electricity, water, and pipeline sectors.

The plan calls for agencies to make full use of their governmental authority. They’re to use this authority to mandate new security and network defense methods.

Why Shields Up?

The invasion of Ukraine started on February 23, 2022. Two days later, the CISA issued a Shields Up warning for US organizations.

The rare precaution called for all organizations to prepare for disruptive cyber activity. It applies to all organizations, no matter their size.

This cybersecurity alert was a direct response to increased malicious cyber activity. This activity took place in Ukraine. Some of it included a flurry of DDoS malware attacks.

The CISA believes the United States could become the next target of Russian actors. It also issued a warning about ransomware activity. The activity takes advantage of the current geopolitical disruption.

The Start of the Campaign

CISA Shields Up guidance is comprehensive. The agency directed its recommendations to security organizations, CEOs, corporate leaders, and consumers.

As an organization, it’s essential to move beyond using this information for guidance. You must turn into concrete action.

Furthermore, organizations need to install new cyber defense strategies fast. You may also find the need to perform a comprehensive assessment. You may also need to revamp your network security.

A Look at the CISA

The CISA is the Cybersecurity and Infrastructure Security Agency. Its mission is to understand, manage, and reduce threats to the digital and physical infrastructure of the US.

The agency falls under the umbrella of the Department of Homeland Security. The CISA works to connect people and organizations. It provides these individuals with analyses, resources, and tools.

With these resources, organizations can build their own digital communications resilience. They can also improve their physical security. In turn, organizations can maintain a resilient infrastructure for American society.

An Overview of Shields Up

The Shields Up warning is the first of its kind issued by the CISA. It delivers sweeping guidance for people, businesses, and organizations.

Currently, there are no specific credible cyber threats to the United States. Yet, the unprovoked aggression of Russia against the UK has sparked concerns.

Moreover, the CISA expresses Russia’s aggression may go beyond Ukraine. As a result, leaders should take steps to strengthen organizational resilience.

Responding to Shields Up

The Shields Up warning covers five key recommendations for leaders. These recommendations include:

1. Empower CISOs (Chief Information Security Officers)
2. Lower reporting thresholds
3. Perform response plan testing
4. Focus on business continuity
5. Plan for the worst-case scenarios

It’s critical to understand each element of these recommendations. Let’s have a closer look at them.

Concerns for CISOs

Most organizations weigh security improvements against cost and operational risks. Leaders should empower CISOs in this heightened security environment. They must include them in the risk decision-making process.

It’s also vital your entire organization understands security investments are now a top priority.

Historically, security tools and processes have created friction in organizations. As a result, there’s been a widespread barrier to adoption.

Now, however, it’s vital to reassess risks and security posture. Organizations must rethink their trade-offs between security and operations.

More CISO-Related Concerns

In light of the Shields Up warning, CISOs must conduct a full risk assessment of all IT and physical and virtual devices. CISOs must understand the level of risks they’re accountable for. These include risks of data loss and non-compliance.

CISOs must document and identify all threats. These threats could include:

• Ideologies
• Malicious actors
• Nation states

The CISO must figure out how these threats can affect their organization. They must also figure out the right security and compliance frameworks for which they’re accountable.

As a result, organizations must ensure that CISOs have sufficient resources. These resources must suffice to address the risks facing your organization.

Fortunately, vendors have reduced points of friction greatly. Security has become more sophisticated. It’s become easier to deploy security tools.

Firms now deal less with device-level instrumentation and awkward user authentication. Furthermore, companies are better equipped to monitor and pinpoint malicious activity across networks. Whether on-premises or in the cloud, nimbler security tools have helped ease the friction involved with security tools.

Shields Up Reporting Thresholds

The CISA suggests every organization should have documented thresholds. They should use them for reporting cyber incidents to management and the government. However, the threshold is lower in this heightened threat environment.

Leaders must establish an expectation for their personnel to report any indications of malicious activity to the CISA or FBI. By lowering reporting thresholds, companies can ensure the immediate identification of issues. They can also protect against further attacks and victims.

Today, organizations face several reporting requirements. These requirements include frameworks from the:

• CCP
• GDPR
• HIPAA
• PCI

Now is a time of heightened threat activity. Organizations must report events to the proper government agencies. The reports can give guidance to other organizations, protect consumers, and stop future attacks.

Shields Up Documentation

Companies must document internal and external reporting thresholds based on several criteria. These criteria include:

• Threat levels
• Threat actors
• Compliance requirements
• Enterprise risks

Furthermore, organizations must translate the thresholds into graduated reporting groups. You can base the thresholds on the total risk level.

Also, leaders should work with local federal law enforcement cyber agencies. Ideally, they should work with the local FBI InfraGuard coordinator. Leaders should also join threat forms, such as the ISAC, FBI InfraGuard, and SANS.

When it comes to reporting to federal law enforcement, it’s better to risk overreporting than to underreport.

Companies should use multiple data sources as part of a comprehensive incident response strategy. These sources can help accelerate the identification of compromised systems. Network intelligence such as our XDR with BitLyft AIR platform can support this process.

Testing Your Response Plan

According to the CISA, your response plan should include your security and IT teams. However, it should also include your leaders and board members.

Your senior leadership should participate in a tabletop exercise. The exercise will make sure they’re familiar with how your organization manages major cyber incidents.

The exercise should include a response plan for your company. It should also include a response plan for cyber breaches that might occur in your supply chain.

Tabletop exercises are a vital mechanism. They ensure readiness for cyber incident responses.

Your organization should designate a crisis response team. The team will serve as a frontline for coordinating your response strategy.

Your team should include front-line security responders. It should also include IT operations and DevOps. Furthermore, you should include your communications and legal team.

You must figure out who’s responsible for communicating with your key constituents. These constituents include customers, shareholders, and even your staff.

Planning for Security

The CISA recommends organizations develop several plans. For instance, you should develop an organizational Continuity of Business Operations Plan.

You should also develop a Crisis Management and Communications Plan. Furthermore, organizations should develop a Disaster Recovery Plan. The plans should cover mission-critical technologies and production capabilities.

Organizations should also develop an Incident Response Plan for security incidents. You can use the NIST’s Computer Security Incident Handling Guide for this plan.

Make sure you record what you’ve learned from your tabletop exercises. You can use this information to inform and improve your contingency plans.

You can also use this information to incorporate internal and external stakeholders into your crisis plans. Internal stakeholders might include your incident response team. Meanwhile, external stakeholders might include your company’s attorneys.

Maintaining Operations Continuity

Firms have finite resources. You must focus those resources on your security and resilience systems that support your critical business functions.

Leaders must make sure to identify these systems. They must also ensure staff conducts continuity testing.

Furthermore, it’s essential to ensure critical business functions remain available. You must ensure your network functions after a cyber attack.

You should conduct a Business Impact Analysis before beginning any of your planning. This analysis will help you pinpoint your most critical business and operations systems.

Continuity Considerations

You must use your Business Impact Analysis to ensure you have sufficient processes. These processes include:

• Protective resources
• Compensating controls
• Redundant systems
• Backup recovery controls

You must implement these processes to ensure the resilience of your organization’s critical systems. Here again, you can refer to the NIST’s Computer Security Incident Handling Guide.

With these points in mind, identify the leadership responsible for your critical business systems. You must hold them accountable for the resilience controls of these systems.

How Serious Is the Threat?

The CISA recommends organizations prepare for a worst-case scenario. Leadership should make sure they can take urgent measures.

These measures must protect your organization from losses during an intrusion. They could include disconnecting the high-impact parts of your network.

Until recently, most advanced attacks included software supply chain compromises. Alternatively, they may have included the use of zero-day exploits.

Most often, nation-state actors committed these acts in either case. Now, organizations must harden their systems against cross-border threats.

With these highly sophisticated and damaging attacks, Russia has been a major player in the cyber landscape for some time. So far, US intelligence has not warned of an imminent attack. However, Russia’s history is a strong indicator of what could come.

Consider Organizational Impact

In this heightened threat environment, there are a few things you should consider. For instance, you must communicate your continuity plans to your entire staff.

You should also know most cyber breach intrusion insurance policies don’t cover acts of war. You can’t transfer this risk with security insurance. You can only remove the risk or manage it.

It helps to segment your network. You should also restrict access to and from the internet and company mobile devices. These are ways to control against possible cyberattacks.

Furthermore, you should monitor your network continually. You can do just that with our extended detection and response software. It can help you monitor your network for behavioral anomalies.

Assessing the Current Environment

It’s essential to figure out your risk management strategy. You must identify and understand your risks. You must also think about how much those risks can cost your organization.

Furthermore, you must determine the right security framework for your needs. There are several robust frameworks available, including:

• Center for Internet Security (CIS)
• ISO 27001/2
• NIST SP 800 53R5
• The NIST Security Framework (CSF)
• Top 18 Critical Security Controls

Regulatory compliance does not equal effective security. You must implement these measures along with any frameworks needed for regulatory compliance.

Managing Your Assets

You’ll need operational and technical resources to minimize risks to your security framework. As a result, you’ll need buy-in from executive leadership.

Your security leaders can use the CISA’s Shields Up recommendations and other guidance. This information will help communicate risks and priorities.

You should also keep an ongoing inventory of your assets. This is the process of finding, documenting, and keeping an accurate inventory. Your inventory might include:

• Applications
• Cloud assets
• Devices
• User accounts
• Vendors

The inventory process is critical for knowing what’s connected to your environment and who has access to it.

Your Partner in Cyber Threat Mitigation

Now you know more about how to respond to the CISA Shields Up initiative.

At BitLyft, our mission is to protect organizations from cyber attacks. Our community of security advocates are dedicated to creating a safer digital landscape. If you need help navigating the ramifications of CISA Shields Up, our team of cybersecurity consultants is ready to help. Contact us today and we'll help you establish a plan of action.