{"id":4554,"date":"2022-03-22T09:00:17","date_gmt":"2022-03-22T14:00:17","guid":{"rendered":"https:\/\/blogs.luc.edu\/compliance\/?p=4554"},"modified":"2022-03-22T09:00:17","modified_gmt":"2022-03-22T14:00:17","slug":"the-first-cyber-war-the-threat-of-russian-cyberattacks-has-thrust-cybersecurity-compliance-into-the-spotlight","status":"publish","type":"post","link":"https:\/\/blogs.luc.edu\/compliance\/?p=4554","title":{"rendered":"The First Cyber War: The Threat of Russian Cyberattacks has Thrust Cybersecurity Compliance into the Spotlight"},"content":{"rendered":"<p><span style=\"font-family: 'times new roman', times, serif\"><em>Annalisa Kolb <\/em><\/span><\/p>\n<p><span style=\"font-family: 'times new roman', times, serif\"><em>Associate Editor <\/em><\/span><\/p>\n<p><span style=\"font-family: 'times new roman', times, serif\"><em>Loyola University Chicago School of Law, J.D. 2023<\/em><\/span><\/p>\n<p><span style=\"font-family: 'times new roman', times, serif\">The impact of Russia\u2019s <a href=\"https:\/\/www.usaid.gov\/news-information\/press-releases\/feb-25-2022-russia-unprovoked-and-unjustified-attack-ukraine\">unprovoked attack on Ukraine<\/a> on February 24, 2022 has not only caused a horrific human rights crisis but has also had a dramatic effect on how the world conducts business, felt well beyond the borders of Russia and Ukraine. Warnings of an imminent Russian cyberattack on critical United States infrastructure has small and large businesses alike brushing up their cybersecurity policies to ensure they are compliant with current best practices in the likely event of a Russian cyberattack and impending federal legislation.<\/span><!--more--><\/p>\n<p><span style=\"font-family: 'times new roman', times, serif\"><strong>Alerts of an increased risk of Russian cyberattacks \u00a0<\/strong><\/span><\/p>\n<p><span style=\"font-family: 'times new roman', times, serif\">Shortly after Russia began its invasion of Ukraine, the Cybersecurity and Infrastructure Security Agency (CISA) <a href=\"https:\/\/www.cisa.gov\/uscert\/ncas\/alerts\/aa22-057a\">warned<\/a> that destructive malware deployed by Russia against Ukrainian organizations may also be used against other countries, especially as more economic sanctions are placed upon Russia. CISA further warned that this type of malware, known as <a href=\"https:\/\/www.microsoft.com\/security\/blog\/2022\/01\/15\/destructive-malware-targeting-ukrainian-organizations\/\">WhisperGate<\/a>, presents a direct threat to the daily operation of organizations and impacts the availability of critical assets and data.<\/span><\/p>\n<p><span style=\"font-family: 'times new roman', times, serif\">While CISA made clear in <a href=\"https:\/\/www.cisa.gov\/shields-up\">another announcement<\/a> that there is not currently a specific credible cyber threat to the U.S., the fact that the Russian invasion of Ukraine involved intense cyberattacks on Ukrainian governmental and critical infrastructure organizations presents a cause for concern for similar organizations in the U.S. CISA, therefore, created the \u201c<a href=\"https:\/\/www.cisa.gov\/uscert\/shields-technical-guidance\">Shields UP<\/a>\u201d technical guidance initiative to provide guidance on creating policies to prepare for, respond to, and mitigate the impact of a cyberattack.<\/span><\/p>\n<p><span style=\"font-family: 'times new roman', times, serif\"><strong>Implications of cyber warfare on cybersecurity legislation \u00a0\u00a0<\/strong>\u00a0\u00a0\u00a0<\/span><\/p>\n<p><span style=\"font-family: 'times new roman', times, serif\">This war marks one of the first times state-sponsored cyberattacks are being used as a central military tool and has caused some members of Congress to <a href=\"https:\/\/www.newsnationnow.com\/cybersecurity\/congressmans-cybersecurity-act-makes-progress-to-aid-the-private-sector\/\">advocate<\/a> fast-tracking cybersecurity legislation. For example, U.S. Rep. Don Bacon of Nebraska is pushing for the passage of <a href=\"https:\/\/bacon.house.gov\/news\/documentsingle.aspx?DocumentID=790\">H.R. 5658, the DHS Roles and Responsibilities in Cyber Space Act<\/a>, which would require the Secretary of Homeland Security to assess its cyber incident response plans and procedures, and provide recommendations for improvement.<\/span><\/p>\n<p><span style=\"font-family: 'times new roman', times, serif\">On March 1, 2022, the <a href=\"https:\/\/therecord.media\/senate-approves-cyber-incident-reporting-bill-amid-worries-about-russian-threats\/\">Senate approved<\/a> a bipartisan package of cybersecurity bills, known as the <a href=\"https:\/\/www.congress.gov\/bill\/117th-congress\/senate-bill\/3600\/all-info#:~:text=Introduced%20in%20Senate%20(02%2F08%2F2022)&amp;text=This%20bill%20addresses%20cybersecurity%20threats,assessments%20of%20federal%20risk%20posture.\">Strengthening American Cybersecurity Act of 2022<\/a>, with legislation that will require mandatory incident reporting of cyberattacks against critical infrastructures. The package includes a bill that would update the <a href=\"https:\/\/www.cisa.gov\/federal-information-security-modernization-act\">Federal Information Security Modernization Act (FISMA)<\/a> for the first time since 2014 by codifying the responsibilities of recently created cyber officials, such as the National Cyber Director. The same package was <a href=\"https:\/\/therecord.media\/democrats-accused-gop-of-scuttling-incident-reporting-in-massive-defense-bill\/\">blocked<\/a> by Republican Senate leaders and stripped from the annual defense policy bill just months ago.<\/span><\/p>\n<p><span style=\"font-family: 'times new roman', times, serif\"><strong>Why has it taken a war to make cybersecurity a priority? \u00a0<\/strong><\/span><\/p>\n<p><span style=\"font-family: 'times new roman', times, serif\">Although Russian cyber-attacks have recently been in the headlines, the danger of cyberattacks has clearly been established as real over the last few years. Last May, a <a href=\"https:\/\/www.newsnationnow.com\/us-news\/southeast\/scramble-on-for-new-fuel-routes-after-colonial-pipeline-hack\/\">ransomware attack<\/a> by the Russian hacking group \u201cDarkside\u201d caused the Colonial Pipeline, one of the largest oil pipelines in the U.S., to shut down for several days, <a href=\"https:\/\/www.newsnationnow.com\/us-news\/fears-of-gas-shortages-lead-to-long-lines-at-pumps-rising-prices-after-cyberattack-targets-pipeline\/\">causing panic<\/a> among some consumers in the Southeast and a <a href=\"https:\/\/www.newsnationnow.com\/us-news\/southeast\/scramble-on-for-new-fuel-routes-after-colonial-pipeline-hack\/\">state of emergency<\/a> in North Carolina. This incident marked the most significant cyberattack on energy infrastructure in American history. Just days later, the world\u2019s largest meat supplier, JBS, experienced a similar <a href=\"https:\/\/www.cbsnews.com\/news\/jbs-ransom-11-million\/\">ransomware attack<\/a>, causing it to suspend operations of nine processing facilities in the U.S. The <a href=\"https:\/\/www.bbc.com\/news\/world-us-canada-57338896\">FBI believes<\/a> a Russian hacking group was behind the JBS attack as well.<\/span><\/p>\n<p><span style=\"font-family: 'times new roman', times, serif\">If organizations have waited until now to evaluate their cybersecurity risk, they are likely too late, as effective cybersecurity policies are complicated and take time to implement. And while pushing for cybersecurity legislation may help organizations with their cybersecurity policies in the future, it will not do much for organizations that currently remain vulnerable to attacks.<\/span><\/p>\n<p><span style=\"font-family: 'times new roman', times, serif\">The continued clear vulnerability of our essential infrastructures is unacceptable. Given the <a href=\"https:\/\/blog.checkpoint.com\/2022\/01\/10\/check-point-research-cyber-attacks-increased-50-year-over-year\/\">major increase<\/a> in quantity and intensity of cyberattacks over the last few years, including the two discussed above, it is gravely concerning that cybersecurity has remained on the backburner for organizations and lawmakers. Businesses of all types and sizes must prioritize and adequately fund cybersecurity compliance programs both to comply with their internal processes and ensure they operate within the boundaries of the law considering the inevitability of federal cybersecurity laws.<\/span><\/p>\n<p><span style=\"font-family: 'times new roman', times, serif\"><strong><em>Author\u2019s note<\/em><\/strong><\/span><\/p>\n<p><span style=\"font-family: 'times new roman', times, serif\"><em>While the threat to cybersecurity is important and worth discussing, we must remember that Russia\u2019s unprovoked and senseless war on Ukraine has caused an <\/em><a href=\"https:\/\/www.cfr.org\/in-brief\/ukraine-humanitarian-crisis-refugees-aid\"><em>unacceptable humanitarian crisis<\/em><\/a><em>. Please visit this <\/em><a href=\"https:\/\/how-to-help-ukraine-now.super.site\/?fbclid=IwAR0mKw5IabM_bd-x9gMvH0_wzCqdo2DFK-hA3YkfGe0n_NQ7UgJFcRpLIUA\"><em>website<\/em><\/a><em> to learn about ways that foreigners can help Ukraine and the Ukrainian people. If you are able and would like to donate, <\/em><a href=\"https:\/\/helpheroesofukraine.com\/\"><em>Help Heroes of Ukraine<\/em><\/a><em> is a trusted charity organization that provides medical, military, and humanitarian aid to Ukraine.<\/em><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The impact of Russia\u2019s unprovoked attack on Ukraine on February 24, 2022 has not only caused a horrific human rights crisis but has also had a dramatic effect on how the world conducts business, felt well beyond the borders of Russia and Ukraine. Warnings of an imminent Russian cyberattack on critical United States infrastructure has small and large businesses alike brushing up their cybersecurity policies to ensure they are compliant with current best practices in the likely event of a Russian cyberattack and impending federal legislation.<\/p>\n","protected":false},"author":98,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[553,554,1152,1236,1623,2039],"class_list":["post-4554","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-cyber-attacks","tag-cyber-security","tag-international-affairs","tag-legislation","tag-cybersecurity","tag-ukraine"],"_links":{"self":[{"href":"https:\/\/blogs.luc.edu\/compliance\/index.php?rest_route=\/wp\/v2\/posts\/4554","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.luc.edu\/compliance\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.luc.edu\/compliance\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.luc.edu\/compliance\/index.php?rest_route=\/wp\/v2\/users\/98"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.luc.edu\/compliance\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=4554"}],"version-history":[{"count":0,"href":"https:\/\/blogs.luc.edu\/compliance\/index.php?rest_route=\/wp\/v2\/posts\/4554\/revisions"}],"wp:attachment":[{"href":"https:\/\/blogs.luc.edu\/compliance\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=4554"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.luc.edu\/compliance\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=4554"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.luc.edu\/compliance\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=4554"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}