Op-ed views and opinions expressed are solely those of the author.
Last Thursday, a group of cybersecurity agencies from the US, Canada, Australia, New Zealand, and the United Kingdom put out a joint Cybersecurity Advisory with a stark warning to organizations globally that, because of Russia’s controversial invasion of Ukraine, the world is in danger from “malicious cyber activity.”
At this time, it is thought that there will soon be a Russian-based cyber offensive directed at the allies of Ukraine that have levied the sanctions that have been catastrophic to the Russian economy. In addition, countries known to have provided material support to Ukraine are also believed to be at risk of Russian cyberattacks.
This new danger warned of in the advisory is not limited to attacks from state-sponsored Advanced Persistent Threat Groups (APTs). As per the advisory, several Russia-based and non-government affiliated cyber gangs have “recently publicly pledged support for the Russian government.” These groups intend to retaliate for cyber offensives that may have affected the Russian government or its citizens.
Additionally, some of the gangs have also threatened to begin offensive cyber-attacks against countries and private organizations that are providing material support to Ukraine. Over the last few months, there have been repeated attacks against Ukrainian websites that are believed to be in support of the Russian military offensive.
The attacks are supplementing Russian government efforts as, recently, Russia-based state-sponsored hacks have included distributed denial-of-service (DDoS) attacks in addition to malware and ransomware attacks against the Ukrainian government and critical infrastructure.
This threat of increased hacking activity is happening just as lobbyists for several financial sector entities that fall under the regulatory scope of the Securities and Exchange Commission (SEC) butt heads with the Commission regarding implementation of reporting requirements for SEC-regulated entities. Specifically, members of several corporate boards and their lobbyists are opposed to new requirements that force publicly traded companies to disclose cybersecurity incidents they may experience.
“The SEC’s actions in the past year, paired with recently released rules, draw a line under the critical role of management and boards in protecting not just investors and customers, but also the sound functioning of American business,” according to Friso van der Oord of the National Association of Corporate Directors. “Preparing effective disclosure of material cyber risks and incidents has long been a key principle of cyber risk oversight advocated by NACD.”
The lobbying groups are instead in favor of newly proposed reporting rules in the new Cyber Incident Reporting for Critical Infrastructure Act of 2022 that was created by CISA. The Act, which was passed as part of the omnibus spending bill on March 15, 2022, requires critical infrastructure companies, which may include financial services entities, energy outfits and other businesses for “which a disruption would impact economic security or public health and safety,” to report cybersecurity incidents or any ransoms paid to the federal government.
The changes are not applicable immediately, however. According to the bill, CISA has 2 years after the bill’s passage to create proposed rules on what may constitute reportable offenses, and another 18 months after the proposed rules to define the final rules. In other words, the Act’s final thresholds for reporting incidents may not be completely defined for as long as 3 years, as currently written.
Despite the text of the bill, with ongoing global instability because of Vladimir Putin’s ongoing war and the cyber fallout that is accompanying it, CISA can possibly modify the law to move it along more quickly during a time that is expected to see increased cyber activity like the Russian-based Hermetic Wiper attacks that have been devastating to hundreds of organizations in Ukraine by wiping out data on Windows computers.
After 2021, when cyberwarfare truly hit home with the devastating Colonial Pipeline and JBS Foods cyberattacks, CISA expects 2022 to be an even more damaging year in the cybersphere. If the Ukraine conflict spirals into a larger war involving NATO and the US, we can easily see Putin’s conquest morph into the Third World War.
Julio Rivera is a business and political strategist, the Editorial Director for Reactionary Times, and a political commentator and columnist. His writing, which is focused on cybersecurity and politics, has been published by numerous websites and he is regularly seen on National and International news programming.