Public safety agencies warned of Russian cyberattacks on communications, critical infrastructures
“We know that interference with 911 systems by disabling their phone trunk lines and their radio systems is a prime target of Russian state-sponsored actors.”
By Kerri Hatt
FirstWatch has distributed an alert concerning possible Russian cyberattacks in the coming week to 10 days, targeting communications and public-safety critical infrastructures.
The alert included a recent White House Statement from President Joe Biden noting Russia is in the planning phases of a significant barrage of cyber attacks against the United States and reported Russian-sponsored cyber aggression at sustained levels never seen before.
In the White House Statement, President Biden urges infrastructure owners and operators to “accelerate efforts to lock their digital doors.”
According to Anne Neuberger, the White House’s deputy national security adviser for cyber and emerging technology, this warning is based on “evolving threat intelligence” that the Russian government is “exploring options for potential cyberattacks on critical infrastructure in the United States.”
FirstWatch noted the federally identified critical infrastructures being targeted include communications, public safety and healthcare operations. “We know that interference with 911 systems by disabling their phone trunk lines and their radio systems is a prime target of Russian state-sponsored actors,” the statement reads. “Many of our colleagues will be in the direct crosshairs of impending attacks.”
FirstWatch also reported a sudden and sharp increase of cyberattacks against public safety targets on Saturday, Jan. 29, 2022.
The team notes, “at FirstWatch, we've seen network attacks against our primary firewalls increase from 75 per second to over 1,500 per second and stay at that level over the past three months. In just the past 10 days we've seen an increase from 1,000 per second to 1,500 per second. Other companies, government agencies, and universities are seeing the same numbers. Nearly all of this traffic is being generated by Russian actors and spread from Russia and from ISPs that they have taken over in other countries.”
On-demand webinar: The growing threat of ransomware attacks on public safety agencies
Preventing ransomware attacks is possible; our expert panelists offer several best practices your agency can follow to help reduce risk and mitigate potential issues
The FirstWatch team shared the following actions public safety agencies can take to be better positioned for increased cyber aggression:
- Document your network and systems in detail, clean up your networks.
- Develop business continuity plans for handling a breach.
- Step up the seriousness of cyber-related threat training as an organizational priority.
Enhance security posture
- Backup your data – real-time, incremental, offsite, glacial.
- Develop best practices for keeping all hardware patched.
- Implement multifactor authentication, ideally with phone-based or stand-alone tokens.
- Ensure in policy and practice that there are no rogue devices on your network with IP and MAC scanning and 802.1 authentication.
- Don’t leave “hot” network ports open for connection.
- Encrypt data at rest and data in motion; PCs, tablets, phones should all be fully encrypted with auto-wipe after set number of failed logins.
- Geo-block the known bad actors in your firewalls.
- USB devices and ports are not your friend.
- Improve training for personnel regarding social engineering and phishing – take a look at www.knowbe4.com.
- Think “Zero Trust” as an overall concept – operating as if you are already working with a breach.
- Cybersafety and security must be a concern of everyone in the organization.
- Understand any regulatory compliance items you are required to meet.
- Stay updated on daily and weekly cyber updates issued from official government sources.
- Dedicate education budget and time for cyber education and awareness.
- If the organization makes cyber security and hygiene a consistent priority, personnel will too.
- Encourage personnel to point out cyber concerns and weaknesses to help improve overall positioning, get stronger.
Monitor – detect
- Develop logging systems to capture every action passing in and out of your firewalls and edge routers.
- Capture traffic bouncing off of your firewalls.
- Maintain at least a year of this logging data, it is vital for forensics in tracking down culprits in a breach.
- Establish alarms to notify the player and stakeholders when certain firewall events occur.
- Develop logging systems for user activity within your network for the same reasons as firewall logging.
- On larger networks, consider “honeypot” systems to help identify intruders that leverage access via third-party products.
- Study the logs regularly, know what normal looks like so that abnormal jumps out.
- Always follow up on the odd things.
- Have a planned response to a breach, practice the plan.
- Ensure everyone knows how to sound the alarm as soon as an anomaly is discovered. Most targeted breaches occur at night, on weekends and holidays when more junior staff is usually working – junior staff can be hesitant to sound the alarm.
- Know who you will notify, such as local and federal law enforcement.
- Two to four times per year, confirm that your plan is workable in the ever-changing environment.
Police1 cybersecurity resources
- 4-step road map to maximize your cybersecurity ROI
- On-demand webinar: The growing threat of ransomware attacks on public safety agencies
Additional cybersecurity resources
Learn more about cybersecurity with these resources:
- FACT SHEET: Act Now to Protect Against Potential Cyberattacks | The White House
- Cyber alert: Public safety systems are currently under attack
- On-Demand Webinar: The growing threat of ransomware attacks on public safety agencies