CISA’s Goldstein Says Critical Infrastructure Should ‘Remain on Heightened Alert’
U.S. government agencies and private sector organizations should “remain on heightened alert” for disruptive cyberattacks targeting critical infrastructure and key sectors amid a series of escalating global conflicts, a top official for the U.S. Cybersecurity and Infrastructure Security Agency said on Wednesday.
Recent government analysis, including the latest annual global threat assessment of the U.S. intelligence community, indicates that cybercriminals and foreign adversaries would likely execute destructive attacks against critical infrastructure in the U.S. in the event of a Chinese conflict with Taiwan.
The U.S. is already facing major international crises – Russia’s invasion of Ukraine and the war between Israel and Hamas – that pose an “extraordinary challenge in cybersecurity” for government agencies, critical infrastructure operators and the private sector, said Eric Goldstein, CISA’s executive assistant director for cybersecurity.
“Russian cyber actors remain highly capable,” Goldstein said during an event hosted by think tank R Street Institute. There is “tremendous uncertainty” surrounding the future trajectory of Russian cyber activity around the war in Ukraine.
“We have to remain on heightened alert about how we think about the potential for future Russian cyber activity targeting the U.S. and our allies,” Goldstein added.
Prior to Russia’s February 2022 invasion, the Ukrainian private sector engaged in collaboration with international cybersecurity partners, an effort that played a significant role in enhancing the country’s cyber resilience, CISA Director Jen Easterly said in an August blog post.
CISA’s flagship public-private sector initiative, the Joint Cyber Defense Collaborative, began documenting information on Russian threat actors after the Kremlin invaded Ukraine last year, part of an effort to prevent and reduce disruptive cyber activities targeting both Ukraine and the U.S. homeland.
The JCDC – which boasts over 150 organizations across various sectors – has been “engaging in persistent collaboration” around the war between Israel and Hamas in recent weeks, according to Goldstein.
CISA has also been working “side by side” with its partners at the Israel National Cyber Directorate, Goldstein said. Cybersecurity attacks in that conflict appear from the outside to have been limited to attention-seeking hacktivist denial of service incidents. Close observers say the pace of those attacks has slowed after an initial burst during the first days of the conflict (see: Israel-Hamas War: Publicity-Seeking Hacktivists Take Sides).
In order to successfully prevent future cyber incidents linked to emerging international conflicts, Goldstein said the government will need to continue “driving investment” towards public-private sector cybersecurity initiatives while sharing a reciprocal level of valuable information to its private sector partners.
He added: “The more that we can do to make sure that we are sharing frictionlessly, we are sharing with reciprocal value, that’s going to let us get ahead of the threat and drive down risk before harm occurs.”