The capital cities of Alabama and Ukraine are separated by 5,538 miles. However, the conflict in Ukraine, which is now entering its second month, might soon be felt in the Heart of Dixie.
On Monday, the White House held a briefing warning of Russia’s intent to launch cyberattacks against targets in the United States. The briefing was delivered by Anne Neuberger, Deputy National Security Advisor. Previously, 1819 News reported on the increased threat of cyberattacks on US targets resulting from Russia’s invasion of Ukraine.
Monday’s briefing was unique in the specificity of the threat – US infrastructure. Now, Alabama officials and business experts are preparing and responding.
According to the statement and factsheet from President Biden, “the reality is that much of the Nation’s critical infrastructure is owned and operated by the private sector and the private sector must act to protect the critical services on which all Americans rely.”
Cyberattacks are not unheard of in Alabama.
In May of 2021, Colonial Pipeline, based in Pelham, was the target of a ransomware attack. The company is said to have eventually paid $5 million in Bitcoin to regain access to its system.
According to Kevin Feeney, Senior Director of Corporate Communication for Colonial Pipeline, the company welcomes the efforts from the White House.
“We are incredibly supportive of efforts to increase collaboration between government and industry in order to remain laser-focused on our common mission: working faster and smarter than our adversaries,” said Feeney.
When asked what lessons from their experience with a cyberattack they might share with other companies, Feeney echoed the guidance from the White House.
“For companies defending against these evolving threats or responding to an attack, having clear knowledge of who in government they should be coordinating with is important,” Feeney said. “It’s also important to remember cybersecurity threats evolve constantly, and regulation should allow enough flexibility for companies to respond to those evolving threats.”
The power grid is an area of concern when it comes to possible targets for cyberattacks. The Electricity Subsector Coordinating Council (ESCC) represents the electric power industry, including Alabama Power, with the stated mission of “coordinating efforts to prepare for national-level incidents or threats to critical infrastructure”.
In response to an inquiry from 1819 News, Brian Riel of the ESCC stressed the industry’s long-term focus on these threats.
“The threat of cyber and physical attacks targeting critical infrastructure is not new,” Riel said. “The nation’s electricity providers continuously monitor for threats and are prepared to defend the grid and their infrastructure and systems. They also continue to work with a key partner, the Electricity Information Sharing and Analysis Center (E-ISAC), which analyzes electricity-specific information and context.”
Collaboration between the government and private actors was another sentiment shared by the ESCC.
“Protecting our nation’s critical energy infrastructure is a responsibility shared by the energy industry and our government partners at all levels,” Riel said. “We appreciate the ongoing collaboration of our federal partners and their level of outreach to ensure that the entire energy industry maintains a vigilant and secure posture.”
One cyber expert said the Colonial Pipeline attack is just a glimpse of the disruption Russian cyber agents could create. Jacob Waltz, CISSP, is the CEO of Intraframe US and a cyber threat intelligence analyst based in Memphis, Tenn.
“They have a very capable cyber force, and we have yet to see the full scope of the capabilities of Russia,” said Waltz.
Waltz explained the relationship between the Russian government and Russian cybercriminals.
“It’s been long known in the industry that Russian cybercriminals have some form of relationship or mutual agreement with the Russian government,” Waltz said. “As long as they’re committing their crimes against nations outside the [Commonwealth of Independent States], there [are] not going to be any consequences on what they do.”
In war, it is said that generals are often fighting the last battle. Much of U.S. defense policy since World War II has been focused on preventing the use of weapons of mass destruction, traditionally thought of as biological, chemical or nuclear.
However, experts also warn of the potential disruptions from other new weapons that can be used as part of, or separately from, a cyberattack.
1819 News spoke to Art Faulkner, former Director of the Alabama Emergency Management Agency, who expressed his biggest fear in regard to infrastructure vulnerability – the damage from an electromagnetic pulse (EMP).
“An electromagnetic pulse (EMP), also known as a transient electromagnetic disturbance (TED), whether natural or artificial, is the event that concerned me most as State EMA Director,” said Faulkner. “Our dependence on computers and wireless communications in 2022, even with pre-planning and mitigation efforts, means we are very vulnerable if this type of event happens.”
Electromagnetic pulses are often associated with nuclear explosions, but there has been speculation in recent years that Russia has developed a weapon that could create an EMP without the nuclear explosion.
The danger of the EMP is that it would destroy or “fry” nearly all modern electrical circuits within a certain radius. Considering how dependent society has become on our use of electronic devices, such a scenario would mean life as we know it would come to a halt.
Although these events may be unlikely, Faulkner highlighted the need to address such threats proactively, rather than from a reactionary posture.
“Just as the COVID pandemic has shown us, our response and recovery to an event that doesn’t happen often is harder to manage than the events we deal with frequently, therefore we should make sure we put the appropriate resources to preparing for it,” said Faulkner.
While the White House acknowledged there was no certainty a cyber incident would occur, Neuberger said the purpose of the briefing was “a call to action and a call to responsibility for all of us”.
The briefing highlighted the following suggestions, which are recommended urgently:
Mandate the use of multi-factor authentication on your systems to make it harder for attackers to get onto your system;
Deploy modern security tools on your computers and devices to continuously look for and mitigate threats;
Check with your cybersecurity professionals to make sure that your systems are patched and protected against all known vulnerabilities, and change passwords across your networks so that previously stolen credentials are useless to malicious actors;
Back up your data and ensure you have offline backups beyond the reach of malicious actors;
Run exercises and drill your emergency plans so that you are prepared to respond quickly to minimize the impact of any attack;
Encrypt your data so it cannot be used if it is stolen;
Educate your employees to common tactics that attackers will use over email or through websites. Encourage them to report if their computers or phones have shown unusual behavior; and
Engage proactively with your local FBI field office or CISA Regional Office to establish relationships in advance of any cyber incidents.
To connect with the author of this story, or to comment, email sean.taylor@1819news.com.