Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cyberwarfare

CISA Warns Critical Infrastructure Organizations of Foreign Influence Operations

Newly published guidance from the United States Cybersecurity and Infrastructure Security Agency (CISA) provides critical infrastructure organizations with instructions on how to prepare for and mitigate foreign influence operations.

Newly published guidance from the United States Cybersecurity and Infrastructure Security Agency (CISA) provides critical infrastructure organizations with instructions on how to prepare for and mitigate foreign influence operations.

Leveraging misinformation, disinformation, and malinformation (MDM), along with other tactics, foreign influence operations are meant to undermine trust in critical infrastructure, disrupt markets, sow discord, and undermine the security of the US and its allies.

When promoted consistently and reinforced by individuals with influence, MDM narratives may have amplified effects, especially when targeting National Critical Functions (NCFs) and critical infrastructure.

Foreign influence operations targeting US audiences in recent years have been paired with cyberattacks to create confusion and anxiety and, in the light of increased tensions between Russia and Ukraine, critical infrastructure organizations are potentially at risk of being targeted in similar operations.

“Recently observed foreign influence operations abroad demonstrate that foreign governments and related actors have the capability to quickly employ sophisticated influence techniques to target U.S. audiences with the goal to disrupt U.S. critical infrastructure and undermine U.S. interests and authorities,” CISA notes.

[READ: Lawmakers Introduce Combined Bill for Strengthening Critical Infrastructure Security]

CISA’s guidance is meant to help critical infrastructure organizations better understand the risks associated with influence operations conducted on social media and other online platforms, and instructs them on the steps they can take internally to improve their resilience.

All organizations, the agency says, should evaluate previously observed MDM narratives targeting their sectors, learn about the sources of information their stakeholders and customers use, map communication channels with key stakeholders, and keep an eye for any change in online activity related to their sectors.

Advertisement. Scroll to continue reading.

Furthermore, organizations should identify any vulnerabilities that an MDM actor may exploit, and should educate their employees to secure their social media accounts using multi-factor authentication and to practice smart email hygiene.

“Malicious actors can use hacking and other cyber activities as part of influence operations. Hijacking accounts and defacing public facing sites can be used to influence public opinion. Organizations should be aware of cyber risks and take action to reduce the likelihood and impact of a potentially damaging compromise,” CISA notes.

Additionally, the agency recommends that organizations establish clear communication channels with their stakeholders, that they make information available on their websites as clear as possible, and that they review their social media presence and access privileges for social media accounts.

CISA also notes that decision makers should engage in active communication with other entities in their sector to build a trusted network and that they should develop an MDM incident response process to be prepared for mitigating any influence operation that is combined with cyber activities targeting their organization.

“In today’s information environment, critical infrastructure owners and operators must play a proactive role in responding to MDM. While each MDM narrative will differ, the TRUST model for incident response can help reduce risk and protect stakeholders,” CISA says.

Related: FBI Warns of BlackByte Ransomware Attacks on Critical Infrastructure

Related: Ransomware Targeted 14 of 16 U.S. Critical Infrastructure Sectors in 2021

Related: University Project Cataloged 1,100 Ransomware Attacks on Critical Infrastructure

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...

Cyberwarfare

WASHINGTON - Cyberattacks are the most serious threat facing the United States, even more so than terrorism, according to American defense experts. Almost half...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.