Now endpoint protection company CrowdStrike, two-factor authentication provider Ping Identity, and Cloudflare, which is best known for guarding websites from automated denial-of-service attacks that would otherwise knock them offline, are offering their services free to the organizations most often thought at risk.
In an announcement Monday, the three said they would give away four months of their services to U.S. hospitals, which have been frequent targets of Russian-speaking ransomware gangs, and to electricity and water utilities, which are vital to everyday life.
Though the ransomware groups are mainly after money, some of them have relationships with Russian authorities. One of the most prolific, known as Conti, warned that it would attack U.S. infrastructure if the United States disrupted Russian sites. Already, a wide number of Russian government, banking and media networks have come under electronic fire, though it is not clear how seriously or who has been behind it.
But U.S. officials are taking the possibility of return hostilities seriously, and the three companies have been coordinating with them to discuss what is needed the most.
“It’s just hospitals, power and water right now,” Cloudflare CEO Matthew Prince told The Washington Post. “We built the list in consultation with industry and government experts to protect the most vulnerable and currently underprotected sectors. We may expand to other sectors in the future if there’s need.”
The program is open to any size organization, as long as it is not already a customer, and there is no limit on the number of participants, the companies said.
The services range from multifactor authentication for log-ins to protection from denial-of-service attacks, which barrage a website with so many connection attempts that it is unavailable to regular users.
“The goal is to provide a complete kit of the best security practices,” Prince said. “We’ve also designed a checklist based on what an organization should do immediately, within the next week, and within the next month to help triage the work.”
The potential for a cyber conflict pitting Russia against the United States has placed Cloudflare in an unusual position. The company has clients in Russia, and has been called out by name by Ukraine’s digital transformation minister, Mykhailo Fedorov, for protecting Russian sites.
Two security sources told The Post that Cloudflare employees had told them that the company is not taking on new Russian clients, and a spokesperson said the company is reviewing existing relationships on a case-by-case basis.
But Cloudflare has decided not to impose a blanket rejection on Russian business yet, Prince said in a blog post published Monday. “We have terminated any customers we have identified as tied to sanctions, including those related to Russian financial institutions, Russian influence campaigns, and the Russian-affiliated Donetsk and Luhansk governments,” he wrote.
After consulting with government and civil society experts, Prince added, “Our conclusion … is that Russia needs more Internet access, not less. … In fact, we believe the Russian government would celebrate us shutting down Cloudflare’s services in Russia.”
The other two companies have little business exposure in Russia. CrowdStrike does not do business in Russia, employees said, and Ping described its business in Russia as “negligible.”
While the known impact of suspected Russian cyberattacks in Ukraine has been unexpectedly modest, there is a growing trepidation about what the country might do in the United States, which has more targets, less experience fending off destructive attacks and lighter rules for industry.
Security experts at cybersecurity firm Mandiant said last week that Russia is likely to lash out to punish the United States for leading the drive for sanctions that are already crippling the Russian economy.
And Cisco Systems security executive Matt Olney, who has been overseeing defenses at some Ukrainian government agencies, said that Russia was probably deploying its best cyber operatives to break into U.S. and European agencies, at least for spying and perhaps for more.
“What they are really worried about is the global reaction, so the A-Team is working on espionage to understand what our red lines are,” Olney told The Post.
Others have suggested that natural targets for retaliation include U.S. financial systems and markets.
The more the United States pushes Russia away from those systems with sanctions, they note, the less the country has to lose by attacking them.