The Digital Battlefield
Russia’s recent invasion of Ukraine has underscored the reality of a new age of warfare. In addition to conventional warfare tactics – air strikes, tanks and boots on the ground, and propaganda, Russia is again employing another subtle weapon – cyber-attacks.
In a world that has been almost completely digitized, new targets have opened themselves to foreign attacks. While this in itself isn’t new, the way Russia is deploying cyber-attacks alongside conventional tactics is.
It has long been suspected that Russia was responsible for cyberattacks against Ukraine’s power infrastructure back in 2015 and that Russia’s current invasion of Ukraine began several weeks prior to a single soldier crossing into Ukraine. Russian hackers used ransomware attacks, denial of service attacks, and data wiping malware on Ukraine’s critical infrastructure including power companies, government agencies, and banking systems. What’s more, it is believed that Russia likely gained access to sensitive data to military and communications infrastructure.
And unlike an air raid or mortar round, cyber-attacks are often silent and stealthy. While Russia is believed to be the main actor in cyber-attacks against Ukraine, it’s very possible to believe other countries like Iran, North Korea, or China could be involved as well. It’s one of the dangers and advantages malicious actors have in the cyber landscape – they can attack from anywhere without regard to physical borders.
For some, it’s an eye-opening reality that exists in 2022 and will only persist as technology and society’s reliance upon it advances.
Preparation is Paramount
Physical structures built in flood, earthquake, and hurricane zones are specially designed and reinforced to withstand the force of nature around them. So should our critical data infrastructure be built to withstand the forces of a cyber attack but the reality is until it happens, many businesses and critical infrastructure companies don’t realize just how unprepared they are until it’s too late.
In an article we published last year, we talked in-depth about the Colonial Pipeline attack here in the U.S., and what it brought to light regarding our vulnerability to cyber-attacks like the ones being experienced in Ukraine today.
While several months have passed since that attack, steps have been taken to better regulate federal agencies and contractors, but like all major initiatives, it takes time and resources to implement. Critical infrastructure companies outside of the government contractor space, however, are still vulnerable.
Companies throughout the U.S. and the world would be best served to implement security policies that are measured against an industry-standard like NICE and ensure they have the right people with the right training working within the organization.
As it stands today, most organizations are uncertain as to what qualifications their cyber workforce has and if they are being best utilized within their system. Without the right people in the right roles with the right training, the technology and tools are simply misconfigured or not deployed and the organization fails to withstand the attacks.
As cyber threats advance, agencies and organizations should strive to enable an aligned cyber rotational workforce with visibility and transparency across the organization so that when the day they are attacked they’ll have their people in the optimal position to respond quickly and effectively.
The CyberSTAR Advantage
CyberSTAR is the trusted source for cyber expertise management. Used by the DoD and other government agencies as well as corporate customers, it is the most effective automated expertise management system available.
CyberSTAR helps streamline processes and maintain current credentials for your cyber workforce by:
- Ensuring proper training and certification (including DoDD 8570, DoDD 8140, NIST NICE, and other commercial standards)
- Matching personnel and roles to contractual or regulatory requirements
- Continuous compliance and on-demand reporting
- Reducing the cost and complexity of identifying skill gaps and upskilling opportunities
CyberSTAR is the one source of truth for all your cyber compliance, readiness, and expertise management.