Officials are urging businesses to “beef up” their cybersecurity defenses after new sanctions were placed on Russia.
INDIANAPOLIS — The Biden administration says there is “evolving intelligence” that Russia could launch cyberattacks against US companies.
Officials are urging businesses to “beef up” their cybersecurity defenses.
This after the US, the European Union and the G-7 imposed new economic sanctions on Russia.
“We know it’s possible. Luckily, we haven’t seen a series of cyberattacks as a part of the war in Ukraine start to spread into the wild, as it’s called, from there,” said IU cybersecurity professor Scott Shackelford.
Shackleford said while this is a cause for concern, it is not a cause for panic.
He said businesses providing critical infrastructure like hospitals, local governments or utility companies, should remain vigilant.
Three Indiana hospitals who were victims of cyberattacks in 2021 are doing just that.
In August 2021, Eskenazi Hospital became the victim of a ransomware attack resulting in personal information of patients and employees being put out on the dark web. Then in September, a cyberattack disrupted some operations at Schneck Medical Center in Seymour. In October, Johnson Memorial Hospital suffered a cyberattack resulting in the hospital’s computer network being disabled.
“Johnson Memorial Health works with multiple cybersecurity experts to make sure our systems and patient information stay safe from foreign threat actors. Our employees are extremely vigilant and our systems have never been safer than they are now.” said Dr. David Dunkle, president and CEO of Johnson Memorial Health.
Shackelford said Russian cyberattacks on Ukraine are nothing new.
“They were successful, for example, of turning off the lights in Kyiv and basically crashing their electric grid on several occasions. In some ways, Ukraine is better positioned to recover from those types of attacks than, for example, the US is, because Their grid is incredibly analog as opposed to this smart grid that we’re deploying here in the US,” said Shackelford.
AES Indiana said they work with agencies “to protect our electric infrastructure from threats” and “routinely checks the readiness of our crisis plans through a variety of exercises and drills.”
Shackelford said the federal government can do some things to help protect companies.
“For the US government, we have something called ‘persistent engagement,’ or active defense, as part of official cyber doctrine. The idea is to go on the offense. So, if we are in each other’s systems, this can raise the real and perceived costs of deploying these types of cyberattacks,” said Shackelford.
Shackelford said this could deter a worst-case scenario.
For companies, the process, called “hacking back,” is illegal.
“If we did, for example, have a series of US firms starting to hack back against entities in Russia, perhaps government agencies or otherwise, then that certainly could escalate,” said Shackelford.
Shackelford encourages companies to build as many protections around them as possible.
13 News also reached out to other companies about beefing up their security.
“The City of Indianapolis is remaining vigilant against cyberattacks, adhering to national standards of cybersecurity operations. We continue to partner with other federal, state, and local public entities, and work with City-County employees to prevent harmful actors from gaining access to our systems and data on the front end,” said Mark Bode, communications director for Indianapolis Mayor Joe Hogsett.
“We continuously keep a close eye on the external environment, including potential threats. We have in place a number of technical and business processes to safeguard our information and systems,” said Molly McCully, senior director of corporate communications for Eli Lilly and Company.
“AES Indiana is committed to enhancing and improving its cyber and physical security resources and practices. AES Indiana partners with federal, state and local agencies including the Federal Energy Regulatory Commission, Departments of Energy and Homeland Security to protect our electric infrastructure from threats,” wrote Kelly Young, director of public relations for AES Indiana. “Planning for security threats and emergency situations is a critical component of our operations. AES Indiana routinely checks the readiness of our crisis plans through a variety of exercises and drills. We will continue to proactively work with government and industry stakeholders on preparation, prevention and detection, information sharing, and response and recovery of the grids most critical assets.”
The White House has shared information about how to best protect against a potential cyberattack.
(NOTE: The video below is from a 13 Investigates report in May 2021.)