U.S. utilities should be on high alert as threat of Russian cyberattack grows.

As Russian troops began their invasion of Ukraine, Russian President Vladimir Putin warned of consequences for any other country that got involved in the conflict. Short of nuclear warfare, those words from the Russian president likely means cyberattacks, arguably Russia's most reliable weapon on the global stage. 

Russian hackers, which are often linked to the state, are believed responsible for the Colonial Pipeline hack last spring that sent the eastern U.S. into a fuel frenzy.  The Biden Administration has made cybersecurity of critical infrastructure a top policy priority, but the federal government has warned utilities and critical infrastructure organizers to grip their shields a little tighter in the wake of sanctions on Russia. 

"While there are no specific or credible cyber threats to the U.S. homeland at this time, Russia’s unprovoked attack on Ukraine, which has involved cyber-attacks on Ukrainian government and critical infrastructure organizations, may impact organizations both within and beyond the region, particularly in the wake of sanctions imposed by the United States and our Allies," a recent memo from the U.S. Cybersecurity and Infrastructure Security Agency reads. "Every organization—large and small—must be prepared to respond to disruptive cyber activity. ...All organizations—regardless of size—adopt a heightened posture when it comes to cybersecurity and protecting their most critical assets."

Since the sanctions imposed on Russia last week, CISA has published comprehensive guidance on how to prepare for and shield against cyberattacks. However, critical infrastructure such as utilities should already be prioritizing cybersecurity as the world and the industry moves further into the digital realm. More than half of utilities faced a cyberattack of some kind in 2018, according to a 2019 report from the Ponemon Institute. It has only picked up since: Ransomware attacks have more than tripled over the last two years and malware attacks have nearly doubled in the last year alone.

Rob Lee, chief curriculum director at the Sans Institute, speaking with the Seattle Times last week said cyberattacks tend to follow along closely with major geopolitical events and moments of tension. With unprecedented financial and economic sanctions imposed on Russia by the West, it is practical to think Russia is cooking up a retaliation of equal significance. Lee says the cyberattacks would likely target one of three industries: energy, finance, and healthcare. 

"You can tell where things are heading based on the back and forth,” Lee told the Seattle Times. “There’ll be warning.”

For anyone in the industry still weighing the importance of cybersecurity spending, it might be too late to defend against the current threat. However, as the saying goes, the best time to plant a tree is 20 years ago. The second best time is right now. Be sure to check out CISA's guidance on cybersecurity.