Companies Must Prepare for More Russian Cyber Activity, Experts Warn
This article was licensed through Dow Jones Direct. The article was originally published on the Wall Street Journal.
U.S. companies should prepare for cyber blowback as President Biden imposes sanctions on Russia for its ongoing aggression in Ukraine, experts said.
On Tuesday afternoon, President Biden said his administration would levy sanctions on two Russian financial institutions, its sovereign debt and elite individuals in response to Russian President Vladimir Putin's movement of troops into the eastern Donbas region of Ukraine.
Speaking at The Wall Street Journal's virtual CIO Network Summit event on Tuesday, Rep. Jim Langevin (D., R.I.), a senior member of the House Armed Services Committee, said he is taking an "all hands on deck approach" to prepare for possible cyber retaliation against the U.S.
"We have to be realistic and understand that as we impose sanctions -- we take actions -- there could be blowback here," said Rep. Langevin.
In preparing for possible cyber attacks, Rep. Langevin said, "private companies also have a role to play." He said they should be implementing testing procedures to back up and restore data, instituting multifactor authentication on devices connected to their networks, ensuring software is up to date and patching known vulnerabilities.
Theresa Payton, founder and CEO of Fortalice Solutions and former CIO of the White House under President George W. Bush, said companies should consider locking accounts after two or three failed login attempts.
"During challenging times such as these, the Russian operatives could be using password spraying attacks, recycling passwords from past password data dumps and using artificial intelligence" to access corporate networks, Ms. Payton said at the CIO Network Summit event.
Cyberattacks against Ukraine are part of a hybrid warfare strategy Russia has taken to undermine the neighboring country. The attacks have included fake bomb threats and Distributed Denial of Service attacks against Ukrainian banks.
Sandra Joyce, executive vice president and head of global intelligence at cybersecurity firm Mandiant Inc., speaking at the CIO Network Summit, said those attacks are concerning because the White House has attributed them to the GRU, Russia's military intelligence service.
"This is a group with a long history of very disruptive actions," Ms. Joyce said, including the 2017 NotPetya attack.
Mandiant is currently helping Wall Street Journal parent company NewsCorp investigate a recent cyberattack.
Rep. Langevin noted that there are also nongovernmental Russian ransomware entities that operate with an understanding that the Russian government will look the other way as they "do Putin's bidding."
A number of cyber crimes in recent years have been linked to Russian entities, including an attack on Colonial Pipeline Co. in spring 2021 that led to the main conduit of fuel on the U.S. East Coast being shut down for days.
Rep. Langevin said he credits the Biden administration's handling of the Ukraine situation. He also said that if state-sponsored cyber attacks cause critical damage to our economy or loss of life, "we also have military options on the table," adding that those options are always a last resort.
Ms. Joyce said "I agree that we need to be thinking about military options last but they're certainly on the table."