US Agencies Step Up Cyberattack Warnings Amid Ukrainian Unrest
With rising tensions between Ukraine and the Russian Federation, United States security officials have stepped up warnings to businesses in America and its allies. Stark warnings have gone out from the US Departments of Justice and Homeland Security about the possibility of cyberattacks. In this post I summarize these warnings, and then share some ways for Salesforce customers to be prepared for cyberwar threats.
CISA Issues Shields Up Warning
On February 12, CISA, the US Department of Homeland Security’s Cybersecurity & Infrastructure Agency, started a Shields Up publicity program. CISA is the US government agency that is the most active educator of cybersecurity practices.
On the Shields Up page, CISA warns about possible hostile acts coming from Russia. “While there are not currently any specific credible threats to the U.S. homeland, we are mindful of the potential for the Russian government to consider escalating its destabilizing actions in ways that may impact others outside of Ukraine,” CISA stated on the Shields Up page. More information about threats from Russia is detailed on CISA’s Russia Cyber Threat Overview and Advisories page.
US DOJ Official Issues Global Cyberattack Warning
On February 17, at the Munich Cyber Security Conference, a top US Department of Justice official issued a stark warning for businesses in America and its allies. “Given the very high tensions that we are experiencing, companies of any size and of all sizes would be foolish not to be preparing right now as we speak — to increase their defenses, to do things like patching, to heighten their alert systems, to be monitoring in real-time their cybersecurity,” deputy attorney general Lisa Monaco said. “They need to be as we say, ‘shields up’ and to be really on the most heightened level of alert that they can be and taking all necessary precautions.”
White House Names Russian Security Agency Behind Ukraine Bank Cyberattack
On February 18, Anne Neuberger, who is the National Security Agency’s (NSA) top official on cybersecurity, briefed the press and cited specific knowledge of Russia’s involvement in a February 12 cyberattack. This was a change in tone for the White House, signaling a new confidence to identify cyber actors.
“We believe that the Russian government is responsible for wide-scale cyberattacks on Ukrainian banks this week. We have technical information that links Russian — the Russian Main Intelligence Directorate, or GRU, as known GRU infrastructure was seen transmitting high volumes of communications to Ukraine-based IP addresses and domains,” said Ms. Neuberger at the press conference.
The US government has made it known that it has used offensive cyber capabilities, as well as crime-solving resources, to crack down on cyber threats like fraud and ransomware. In closing her remarks, Ms. Neuberger quoted President Biden saying, “If Russia attacks the United States or our Allies through asymmetric activities, like disruptive cyberattacks against our companies or critical infrastructure, we are prepared to respond.”
Cybersecurity for Salesforce
CISA does a good job teaching the highest level of cybersecurity awareness. It also gives practitioners specific information about threat mitigation. The Shields Up website is an excellent starting place for a proactive cybersecurity education.
According to CISA and the National Institute of Standards and Technology (NIST), a Zero Trust Architecture is the recommended security method for use in multi-cloud, multi-identity SaaS systems. Zero trust is a failsafe mechanism designed to stop lateral intrusions in a network. While it is not much of a Salesforce topic today, zero trust will likely be a principle for upgrades to Salesforce security architectures in the future.
Protecting Salesforce from cyber threats goes beyond an IT department’s usual cybersecurity tools. I talk more about the two distinctions below in a recent guest post at Dark Reading, “Salesforce Devops Needs Guardrails.”
- Platform Cybersecurity – Salesforce configuration management and data security are so complex that an individual user can no longer reliably configure all the security settings. Metadata intelligence analyzes settings, recommends remediations, and performs automated penetration testing. Leading platform cybersecurity products include AppOmni, Revcult by OwnBackup, and Strongpoint by Netwrix.
- Developer Cybersecurity – Better efforts are needed to incorporate cybersecurity scanners and other protocols directly into the Salesforce developer experience. For basic things like static application security testing (SAST), finding common security flaws should be as easy as using a language linter in VS Code. Leading Salesforce developer cybersecurity solutions include DigitSec, Codescan from AutoRABIT, and Clayton.
The new Shields Up slogan from CISA is good advice for IT managers and Salesforce platform owners. If you are responsible for an entire business or network, make sure you are making offsite and offline backups of your critical data.
Use a commercial backup solution to create a restorable version of your Salesforce org. If you aren’t backing up your Salesforce database, even with the built-in free data dumping, then start doing that today! Find out about Google Takeout and other ways to get your email archives and other key data backed up on a physical medium you keep offline.
The ongoing tensions between Ukraine and Russia bring the specter of cyberwar to the doorstep of every business in America and its allies. Do not underestimate the fragility of global digital infrastructure and how a cyberattack may impact your business operations. Once the cyberwar opens in Ukraine, a haunting possibility is that it spills over into the global digital infrastructure. As they say on Star Trek when faced with an unknown threat, Shields Up!