Today, the CompTIA ISAO issued the following advisory. This thread is being opened for any discussion or necessary response related to this matter.
Dear CompTIA ISAO Member,
We have heard a few members expressing concern about the increased tensions surrounding the potential for military conflict between Russia and Ukraine. Specifically, some members are rightly concerned that any armed conflict between these two nations could include cyberattacks against critical infrastructure, businesses, and even private citizens around the globe.
I am writing today to let you know that the CompTIA ISAO shares these concerns, and we have been closely monitoring this situation for several weeks now. While we do not have any information, non-classified or classified, to indicate any specific threat to our members, we do believe that we all need to be in a significantly heightened state of alert and to closely monitor your networks and those of our customers and supply chain partners for any sign of suspicious activity.
Recently my colleague and friend, Scott Algeier, executive director of the IT-ISAC, issued a statement to all IT-ISAC members. As you know, the CompTIA ISAO and IT-ISAC are partners, and as such, Scott and I have collaborated on a statement to members of the CompTIA ISAO. That statement follows:
Joint Statement on Russia-Ukraine Geopolitical Tensions
With the heightened geopolitical tensions around the world, specifically between Russia and Ukraine, we wanted to take a moment to state the obvious—companies must take immediate steps to review and, if necessary, upgrade their cybersecurity and to prepare for potential consequences that might result from a nation-state sponsored cyberattack.
We cannot predict what will happen, but we know what has happened. Nation-state actors have a long history of attacking critical infrastructure, private enterprise, public institutions, and individual citizens. We regularly report on various nation-state actors who infiltrate supply chains, launch direct assaults, and steal core Intellectual Property.
If these actors use their capabilities against the industry in times of peace, we need to be prepared for them to deploy these capabilities during a time of conflict. We must prepare for the likelihood that they will hit us even harder than they have in the past.
The military and intelligence communities have a process called the "preparation of the battlefield." Those who served in the military know more about this exercise than we do. But essentially, the exercise looks at desired outcomes one would want to achieve and then walks backward from there to identify what information and actions were needed to get to that outcome. I need to know A, B, and C, to achieve Y.
We must assume that our adversaries have done a “preparation of the battlefield” on us. For years these actors have been probing our defenses, understanding our interconnections, and learning our interdependencies.
Companies should be prepared for:
It is not our intent to be overly alarmist. We do not have access to any information as to timing or targets. However, some analysts suggest that the time for diplomacy is rapidly ending, and the likelihood of armed conflict is increasing. We are not predicting that a nation-state adversary will launch a significant cyberattack. But it is prudent to prepare and plan for the possibility of disruptive cyberattacks.
As always, the CompTIA ISAO and the IT-ISAC teams will continue to provide updated reporting and share any new information we have with you. We encourage CompTIA ISAO members to continue with the strong, trusted collaboration that the Cyber Forum allows us to participate in. To that end, we are opening a thread in the Active Exploits Discussion/Recommendations forum today, which we will keep open until the current geopolitical tensions around Russia and Ukraine resolve to a significant extent. Please post your concerns, questions, and any helpful information you may come across that may help others in this forum. If you detect new phishing or unusual behavior on the networks you manage, please post your findings to the Threat Submissions forum so our analysts may immediately investigate and report back.
As always, thank you for being an engaged member of the CompTIA ISAO.