www.cisa.gov Open in urlscan Pro
2a02:26f0:6c00:28e::447a  Public Scan

URL: https://www.cisa.gov/shields-up
Submission: On February 17 via manual from CH — Scanned from NL

Form analysis 2 forms found in the DOM

GET https://search.us-cert.gov/search

<form accept-charset="UTF-8" action="https://search.us-cert.gov/search" class="hidden-xs searchbox" method="get"><input name="utf8" type="hidden" value="✓"><input id="affiliate-desktop" name="affiliate" type="hidden" value="cisa">
  <div class="form-group"><label class="sr-only" for="query-desktop">Enter Search Terms(s):</label>
    <div class="input-group"><input autocomplete="off" class="form-control form-control-custom input-lg" id="query-desktop" name="query" placeholder="Search" type="text">
      <div class="input-group-addon input-group-addon-custom"><button class="submit input-lg"><img alt="search icon" src="/sites/default/files/cisa/search-icon.png" title="search icon"></button></div>
    </div>
  </div>
</form>

GET https://search.us-cert.gov/search

<form accept-charset="UTF-8" action="https://search.us-cert.gov/search" class="hidden-lg hidden-md searchbox" method="get"><input name="utf8" type="hidden" value="✓"><input id="affiliate-mobile" name="affiliate" type="hidden" value="cisa">
  <div class="form-group"><label class="sr-only" for="query-mobile">Enter Search Terms(s):</label>
    <div class="input-group"><input autocomplete="off" class="form-control form-control-custom input-lg" id="query-mobile" name="query" placeholder="Search" type="text">
      <div class="input-group-addon input-group-addon-custom"><button class="submit input-lg"><img alt="search icon" src="/sites/default/files/cisa/search-icon.png" title="search icon"></button></div>
    </div>
  </div>
</form>

Text Content

Skip to main content

An official website of the United States government

Here's how you know
 * EMAIL US(link sends email)
 * CONTACT
 * SITE MAP

Official websites use .gov
A .gov website belongs to an official government organization in the United
States.
Secure .gov websites use HTTPS
A lock () or https:// means you've safely connected to the .gov website. Share
sensitive information only on official, secure websites.
Enter Search Terms(s):




--------------------------------------------------------------------------------


Toggle navigation
Enter Search Terms(s):



CISA NAVIGATION

 * 
 * 
 * 
 * 
 * 
 * 

--------------------------------------------------------------------------------

TLP:WHITE
TLP:WHITE
 1. Cybersecurity    >
 2. Shields Up


CYBERSECURITY

 * Cybersecurity Training & Exercises
 * Cybersecurity Summit 2020
 * Cyber QSMO Marketplace
 * Combating Cyber Crime
 * Securing Federal Networks
 * Protecting Critical Infrastructure
 * Cyber Incident Response
 * Cyber Safety
 * Cybersecurity Governance
 * Detection and Prevention
 * Information Sharing
 * Stakeholder Engagement and Cyber Infrastructure Resilience
 * Education
 * Shields Up
 * Software Bill of Materials
 * Services
 * 2021 President's Cup
 * Bad Practices
 * CISA Insights
 * CISA’s Role in Industrial Control Systems
 * Coordinated Vulnerability Disclosure Process
 * Cyber Essentials
 * Cyber Games
 * Cyber Hygiene Services
 * Cyber Resource Hub
 * Cybersecurity Summit 2021
 * Directives
 * EO 13800 Deliverables
 * Executive Order on Improving the Nation’s Cybersecurity
 * Known Exploited Vulnerabilities
 * Mitigate Microsoft Exchange On-Premises Product Vulnerabilities
 * Multi-Factor Authentication
 * Pulse Connect Secure Mitigations
 * Shop Safely
 * Supply Chain Compromise
 * Joint Cyber Defense Collaborative
 * CISA Cybersecurity Awareness Program


SHIELDS UP

--------------------------------------------------------------------------------

 

Every organization in the United States is at risk from cyber threats that can
disrupt essential services and potentially result in impacts to public safety.
Over the past year, cyber incidents have impacted many companies, non-profits,
and other organizations, large and small, across multiple sectors of the
economy.

Notably, the Russian government has used cyber as a key component of their force
projection over the last decade, including previously in Ukraine in the 2015
timeframe. The Russian government understands that disabling or destroying
critical infrastructure—including power and communications—can augment pressure
on a country’s government, military and population and accelerate their acceding
to Russian objectives.

While there are not currently any specific credible threats to the U.S.
homeland, we are mindful of the potential for the Russian government to consider
escalating its destabilizing actions in ways that may impact others outside of
Ukraine. 

Based on this situation, CISA has been working closely with our critical
infrastructure partners over the past several months to ensure awareness of
potential threats—part of a paradigm shift from being reactive to being
proactive.

CISA recommends all organizations—regardless of size—adopt a heightened posture
when it comes to cybersecurity and protecting their most critical assets.
Recommended actions include:


REDUCE THE LIKELIHOOD OF A DAMAGING CYBER INTRUSION

 * Validate that all remote access to the organization’s network and privileged
   or administrative access requires multi-factor authentication.
 * Ensure that software is up to date, prioritizing updates that address known
   exploited vulnerabilities identified by CISA.
 * Confirm that the organization’s IT personnel have disabled all ports and
   protocols that are not essential for business purposes.
 * If the organization is using cloud services, ensure that IT personnel have
   reviewed and implemented strong controls outlined in CISA's guidance.
 * Sign up for CISA's free cyber hygiene services, including vulnerability
   scanning, to help reduce exposure to threats.


TAKE STEPS TO QUICKLY DETECT A POTENTIAL INTRUSION

 * Ensure that cybersecurity/IT personnel are focused on identifying and quickly
   assessing any unexpected or unusual network behavior. Enable logging in order
   to better investigate issues or events.
 * Confirm that the organization's entire network is protected by
   antivirus/antimalware software and that signatures in these tools are
   updated.
 * If working with Ukrainian organizations, take extra care to monitor, inspect,
   and isolate traffic from those organizations; closely review access controls
   for that traffic.


ENSURE THAT THE ORGANIZATION IS PREPARED TO RESPOND IF AN INTRUSION OCCURS

 * Designate a crisis-response team with main points of contact for a suspected
   cybersecurity incident and roles/responsibilities within the organization,
   including technology, communications, legal and business continuity.
 * Assure availability of key personnel; identify means to provide surge support
   for responding to an incident.
 * Conduct a tabletop exercise to ensure that all participants understand their
   roles during an incident.


MAXIMIZE THE ORGANIZATION'S RESILIENCE TO A DESTRUCTIVE CYBER INCIDENT

 * Test backup procedures to ensure that critical data can be rapidly restored
   if the organization is impacted by ransomware or a destructive cyberattack;
   ensure that backups are isolated from network connections.
 * If using industrial control systems or operational technology, conduct a test
   of manual controls to ensure that critical functions remain operable if the
   organization’s network is unavailable or untrusted.

By implementing the steps above, all organizations can make near-term progress
toward improving cybersecurity and resilience. In addition, while recent cyber
incidents have not been attributed to specific actors, CISA urges
cybersecurity/IT personnel at every organization to review Understanding and
Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical
Infrastructure. CISA also recommends organizations visit StopRansomware.gov, a
centralized, whole-of-government webpage providing ransomware resources and
alerts.

As the nation’s cyber defense agency, CISA is available to help organizations
improve cybersecurity and resilience, including through cybersecurity experts
assigned across the country. In the event of a cyber incident, CISA is able to
offer assistance to victim organizations and use information from incident
reports to protect other possible victims. All organizations should report
incidents and anomalous activity to CISA and/or the FBI via your local FBI field
office or the FBI’s 24/7 CyWatch at (855) 292-3937 or CyWatch@fbi.gov(link sends
email).


ADDITIONAL RESOURCES

CISA Insights: Implement Cybersecurity Measures Now to Protect Against Potential
Critical Threats  (pdf) (January 2022)

Alert (AA22-011A) Understanding and Mitigating Russian State-Sponsored Cyber
Threats to U.S. Critical Infrastructure (January 2022)

CISA Insights: Preparing For and Mitigating Potential Cyber Threats (pdf)
(December 2021)

Reminder for Critical Infrastructure to Stay Vigilant Against Threats During
Holidays and Weekends (November 2021)

Russia Cyber Threat Overview and Advisories

Was this webpage helpful?  Yes  |  Somewhat  |  No

Cybersecurity & Infrastructure Security Agency
CONTACT SUBSCRIBE
        
REPORT
 

Need CISA’s help but don’t know where to start? Contact CISA Central(link sends
email)

 
Accountability   Privacy Policy   FOIA   No Fear Act   Accessibility   Plain
Writing   Plug-ins   Inspector General   DHS   The White House   USA.gov