Ice Miller Federal Cybersecurity Update: Holiday Hacker Prevention
The holiday rush and end-of-year close-out scrambles are upon us, and cybersecurity threat actors know it. Well aware of these humbug hackers, the Cybersecurity & Infrastructure Security Agency (“CISA”) has released important guidance that should be followed to strengthen network defenses against possible cyber-attacks. CISA, the nation’s leading cybersecurity authority, tasked with enhancing the security, resiliency, and reliability of cybersecurity infrastructure, has identified an increased cyber-risk due to recent activity from sophisticated threat actors, including nation-state actors and their proxies. To alert companies about the seasonal cyber vulnerabilities, CISA details best practices in its recently released guidance.
CISA Guidance Key Takeaways
Among the key steps recommended to strengthen cybersecurity, CISA recommended the following:
Entity-Leadership Steps:
- Increased Organizational Vigilance: CISA recommends that entity leaders ensure there are no gaps in Information Technology (“IT”)/Operational Technology (“OT”) security personnel and that entity staff continually monitor network activity for any type of anomalous behavior. This is of increased importance given lower staffing levels during the holidays.
- Organizational Rapid Response Preparation: Entities should be at a heightened state of situational awareness. Incident response procedures should be reviewed, updated, or created, and staff should be trained on such procedures to ensure key steps are taken in the event of a security incident. Reporting processes and continuity of operations plans should be tested.
- Network Defense Actor Preparation: Entity leadership should ensure that services used for network defense are implementing cybersecurity best practices. For example, multi-factor authentication and strong password selection should be key criteria for account management. Software, organization-wide, should remain up-to-date, prioritizing known exploited vulnerabilities.
- Remain Up-To-Date About Cybersecurity Threats: Entity leadership should remain updated on emerging cybersecurity threats and about popular techniques used by threat actors. Encourage IT/OT security staff to subscribe to CISA mailing lists and feeds to receive notifications when CISA releases information about a security topic.
- Immediately Report Detected Threats: Entities should lower threat thresholds and immediately report cybersecurity incidents and anomalous activity to CISA and the FBI.
Strengthening Critical Infrastructure
These steps are relevant to organizations with OT/Industrial Control Systems assets.
- Identify and Secure Critical Processes: These processes are those which are absolutely critical to the uninterrupted continuation of essential services.
- Develop and Test Workarounds and Manual Controls: These can be used as contingent measures in the event of a cyberattack. This can help to isolate the critical process and ensure continued operation without access to any network.
- Ensure Backup Procedures Are Implemented and Tested: These backups should also be isolated from network connections to ensure they do not become vulnerable in the event of an attack.
Ice Miller Cybersecurity Attorneys
Ice Miller has extensive experience assisting companies to navigate and comply with federal cybersecurity laws and regulations, as well as taking advantage of cybersecurity-related procurement opportunities. Our team includes
Guillermo Christensen, managing partner of the firm’s Washington D.C. office and former CIA officer with national security experience in the intelligence community and internationally with the U.S. Department of State;
Christian Robertson, a former U.S. Air Force intelligence officer who regularly advises clients on federal procurement cybersecurity laws and regulations; and
Angad Chopra, a Certified Privacy Professional and associate in Ice Miller’s Data Security and Privacy Group.
This publication is intended for general information purposes only and does not and is not intended to constitute legal advice. The reader should consult with legal counsel to determine how laws or decisions discussed herein apply to the reader's specific circumstances.