Amid rising Russia tensions, Cloudflare, CrowdStrike and Ping Identity offer free security for Critical National Infrastructure operators
Government warnings of heightened cyber risk to U.S. organizations as a by-product of the war in Ukraine are almost a daily occurrence. The government considers increased cyber activity aimed at U.S. and NATO organizations ‒ and particularly critical infrastructure organizations ‒ to be a serious threat.
CISA has a ‘Shields Up’ page that states, “While there are no specific or credible cyber threats to the U.S. homeland at this time, Russia’s unprovoked attack on Ukraine, which has involved cyber-attacks on Ukrainian government and critical infrastructure organizations, may impact organizations both within and beyond the region. Every organization—large and small—must be prepared to respond to disruptive cyber activity.”
You can see SecurityWeek’s take on how and why cyber threats could escalate from Ukraine into a formal or informal cyberwar here: Russia-Ukraine: Threat of Local Cyber Operations Escalating Into Global Cyberwar. Failing the rapid withdrawal of Russian troops from Ukraine, which doesn’t seem likely, it is difficult to see anything other than increased cyber activity aimed against the U.S. and its allies.
This could take the form of cyber operations by Russia’s elite government-sponsored groups in retaliation for sanctions, simple cyberattacks from individuals and criminal gangs wishing to support Russia, or both. It is worth noting that Putin has already described sanctions as ‘akin to a declaration of war.’
It is to be hoped that American industry, and especially the CNI, is already well-prepared. Experience suggests that many organizations are not. In such cases, rapid improvements to the basics are necessary. This includes ensuring staff awareness and patching any systems that are known to be unpatched. These can be achieved without new or improved security controls.
Other basics, however, require additional support from third-party products (for this particular crisis, it is probably too late to consider in-house developed solutions). The basics that need to be immediately bolstered include DDoS defense, access control, and endpoint protection.
Three major security vendors, Cloudflare, CrowdStrike and Ping Identity, have now come together in what they call a new Critical Infrastructure Defense Project, offering free services and support for four months.
These three companies combine to offer the most urgent basic security. Cloudflare provides web traffic filtering and DDoS protection; CrowdStrike prevents malicious activity against endpoints, cloud workloads, identity, and data; and Ping Identity offers advanced user authentication processes.
Eligibility for these free offerings is one limitation. SecurityWeek was told, “This program is designed to help U.S. critical infrastructure that has been identified as particularly vulnerable to cyberattack. In particular, this includes energy and water utilities of all sizes, from towns and municipalities to regional or national providers. Likewise, all public and private hospitals and hospital systems of all sizes will be eligible.”
What happens after the free four months should also be considered. Here SecurityWeek was told, “Cloudflare, CrowdStrike and Ping will continue to monitor the threat landscape closely and remain in constant contact with key cyber officials across the government to determine if the scope needs to be modified.”
The offer is an opportunity for eligible organizations within the CNI who are concerned about their existing basic security to obtain good security, quickly and freely. They will just need to make sure this isn’t simply a marketing exercise to get organizations to try the vendors’ products, and to be sure they have an exit strategy if they decide they don’t wish to start paying for the products at the end of the free period.