Russian invasion of Ukraine highlights need for cybersecurity at local level
The Russian invasion of Ukraine hasn’t only taken place on the ground—it’s also been conducted online. Ahead of the unprovoked attack, the Cybersecurity and Infrastructure Security Agency witnessed destructive malware attacks against Ukrainian infrastructure “to destroy computer systems and render them inoperable,” according to a security advisory issued by the federal organization this week.
According to the advisory, WhisperGate, a type of malware that “corrupts a system’s master boot record, displays a fake ransomware note, and encrypts files based on certain file extensions,” was deployed by Russian agents Jan. 15 and HermeticWiper, which impacts systems in a similar way, was observed Feb. 23.
“Further disruptive cyberattacks against organizations in Ukraine are likely to occur and may unintentionally spill over to organizations in other countries,” the federal cybersecurity advisory says. “Organizations should increase vigilance and evaluate their capabilities encompassing planning, preparation, detection and response for such an event.”
As American administrators watch events unfold in Europe, local leaders are undoubtedly investigating the security of their own IT networks and bolstering protocols. If precedent is a barometer—given the rapid rise in cyberattacks on public infrastructure, even before the Russian invasion—focusing on cybersecurity is a good step.
“If you’ve got an IT administration, you’re in one of the fairly well funded jurisdictions,” said Jim Richberg, public sector field chief for Fortinet, a California-based cybersecurity corporation, and former chief of the National Intelligence Manager for Cyber, the senior federal organization focused on cyber intelligence for the 17 organizations and 100,000 employees of the US Intelligence Community. Richberg oversaw implementation of the Comprehensive National Cybersecurity Initiative under presidents George W. Bush and Barack Obama.
Many smaller public organizations “are doing IT on a BYOD basis—using their personal device—or they’re using IT from elsewhere,” Richberg said. “It really is a problem. And the reality is there are local governments that are very resource constrained.”
As a few notable digital attacks like the Colonial Pipeline ransomware attack have shown, public utilities and infrastructure can be vulnerable targets, especially in locations that aren’t able to adequately fund digital defenses. Of all the potential types of attacks, Richberg said ransomware “has transformed the landscape of criminal activity.”
Criminal networks these days offer rentable code that can be used against organizations, or can themselves be hired to carry out attacks. Some even have help desks and technical support lines.
“If I were in local government, it’s something I would be concerned could happen to me,” Richberg said. And while it might take a little while to implement large-scale cybersecurity changes in a community, there are some things administrators can do to prepare for an attack—be it from a foreign country or a hacker-for-hire.
“Basic cyber hygiene (is something) we should be doing all along,” Richberg said, noting practices like applying patches regularly and using two-factor authentication for logins.
At the national level, the Biden Administration took a number of important steps last year to bolster federal agencies’ defenses—most notably pushing a zero-trust framework, migration to the cloud and the security of software programs used across organizations. Richberg said these measures are already being mirrored at local levels.
With this, the Russian invasion of Ukraine is “another reminder for organizations to do the things they should be doing,” Richberg said, noting a rare opportunity that administrators can take advantage of. “We’re seeing this happen in Ukraine at the same time state and local governments are getting ready to receive a lot of money to invest in infrastructure—now is the right time.”
When considering using American Rescue Plan and Bipartisan Infrastructure Law allotments to build new bridges and wastewater treatment plants, modern cybersecurity measures should be a part of the planning process.
“There’s no such thing as infrastructure that doesn’t have some sort of digital dimension,” Richberg said. “It’s relatively easy to build these kinds of specifications into the design—it’s going to be a whole lot harder to build that on when we’re all doing it differently and in a different way.”
Bridges, for example, have sensors, and wastewater plants might be interconnected with communities throughout the region. Coordinating with similar organizations and adjacent counties to ensure these updated systems can communicate with each other is an important consideration.
“At the very technical level, there are standards,” Richberg said, but while the standards might be the same, the way communities implement and design systems might be different. “This is something that very much is a work in progress.”