ICYMI: CISA Insights on Implementing Urgent Cybersecurity Measures Now to Protect Against Critical Threats

This afternoon CISA released an Insights on “Implement Cybersecurity Measures Now to Protect Against Potential Critical Threats”.

The audience for this product is critical infrastructure, business organizations, and state, local, tribal, and territorial governments of all sizes across the country and is intended to drive immediate action, with a focus on actions that could be implemented by most organizations in the next four weeks. This product complements the recent Russia-focused CSA - Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure - which remains the most comprehensive document for network defenders to protect against the ongoing cyber threat posed by Russian state-sponsored malicious cyber actors. Meanwhile, CISA is closely monitoring developments in Ukraine and will update stakeholders as appropriate.

From the release:

Every organization in the United States is at risk from cyber threats that can disrupt essential services and potentially result in impacts to public safety. Over the past year, cyber incidents have impacted many companies, non-profits, and other organizations, large and small, across multiple sectors of the economy.

Most recently, public and private entities in Ukraine have suffered a series of malicious cyber incidents, including website defacement and private sector reports of potentially destructive malware on their systems that could result in severe harm to critical functions. The identification of destructive malware is particularly alarming given that similar malware has been deployed in the past—e.g., NotPetya and WannaCry ransomware—that subsequently caused significant, globally widespread damage to critical infrastructure.

This CISA Insights is intended to ensure that senior leaders at every organization in the United States are aware of critical cyber risks and take urgent, near-term steps to reduce the likelihood and impact of a potentially damaging compromise. All organizations, regardless of sector or size, should immediately:

  1. Reduce the likelihood of a damaging cyber intrusion.
  2. Take steps to quickly detect a potential intrusion. 
  3. Ensure that the organization is prepared to respond if an intrusion occurs. 
  4. Maximize the organization's resilience to a destructive cyber incident. 

We are asking all organizations to report incidents and anomalous activity to CISA and/or the FBI via local FBI field office or the FBI’s 24/7 CyWatch at (855) 292-3937 or CyWatch@fbi.gov.

CISA also recommends network defenders review CISA's Russia Cyber Threat Overview and Advisories page for more information on Russian state-sponsored malicious cyber activity.

Our goal is to get this information out to the widest distribution possible, so please share widely. In the meantime, if you have any additional questions or comments, please don’t hesitate to reach out.


Steve Lyddon

Protective Security Advisor, Region 5, Illinois
Cybersecurity and Infrastructure Security Agency
U.S. Department of Homeland Security
Cell:  217-299-3954 | steven.lyddon@cisa.dhs.gov