News

White House: Harden Infrastructure Security Now

U.S. "critical infrastructure" operators should "harden their cyberdefenses immediately" against possible Russian attacks, per a warning by The Biden White House this week.

The message was a repeat warning from similar White House communications back in November, presaging Russia's attack on the Ukraine. However, now "evolving intelligence" is suggesting that "the Russian Government is exploring options for potential cyberattacks" on U.S. infrastructure, the March 21 White House statement indicated.

Steps To Take
The security hardening steps organizations should observe are summarized in this "Fact Sheet" statement that accompanied the White House warning.

In short, the White House wants organizations to use "multifactor authentication," a secondary means of verifying identity beside a user name and password, although organizations should avoid misconfigurations. Network systems should be patched and protected. Organizations should use tools to detect and address threats.

Organizations also should have "offline backup" systems in place that can't be reached by attackers. Data should be encrypted to make it useless to attackers.

Drills should be conducted to test emergency response plans in organizations should an attack happen. Employees should be educated on common attack methods that can occur via e-mail or Web sites.

Organizations should reference CISA and FBI Web sites for technical information and resources.

The White House "Fact Sheet" also appealed to software makers to build security into their products from the beginning. They should isolate the systems on which their software is built to prevent tampering, and use automated code-review tools to detect and fix vulnerabilities. Software makers should also use a "software bill of materials" to keep track of the software components they use, including open source code.

Private Sector Ownership
The White House made its appeal to critical infrastructure operators, such as pipeline, water and electricity utility operators, with the understanding that a lot of that infrastructure isn't wholly under federal government control.

"Most of America's critical infrastructure is owned and operated by the private sector and critical infrastructure owners and operators must accelerate efforts to lock their digital doors," the statement indicated.

The White House appeal has precedent. In May of last year, privately owned Colonial Pipeline's operations were disrupted by a ransomware attack. It temporarily disrupted about 45 percent of fuel supplies to the U.S. East.

Following the Colonial Pipeline attack, CISA (Cybersecurity and Infrastructure Security Agency) and the FBI had issued similar advice on what infrastructure operators should do to harden security.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

Featured

  • Image of a futuristic maze

    The 2024 Microsoft Product Roadmap

    Everything Microsoft partners and IT pros need to know about major Microsoft product milestones this year.

  • Microsoft Sets September Launch for Purview Data Governance

    Microsoft's AI-powered Purview solution to address governance and security challenges is set to become generally available on Sept. 1.

  • An image of planes flying around a globe

    2024 Microsoft Conference Calendar: For Partners, IT Pros and Developers

    Here's your guide to all the IT training sessions, partner meet-ups and annual Microsoft conferences you won't want to miss.

  • End of the Road for Kaspersky in the United States

    Kaspersky on Monday said it is shuttering its U.S. operations, just days before a nationwide ban on sales of its security software was set to take effect.