{"id":21136,"date":"2022-02-25T20:50:06","date_gmt":"2022-02-25T20:50:06","guid":{"rendered":"https:\/\/www.esecurityplanet.com\/?p=21136"},"modified":"2023-04-17T18:32:11","modified_gmt":"2023-04-17T18:32:11","slug":"critical-infrastructure-security-steps-russia","status":"publish","type":"post","link":"https:\/\/www.esecurityplanet.com\/networks\/critical-infrastructure-security-steps-russia\/","title":{"rendered":"SANS Outlines Critical Infrastructure Security Steps as Russia, U.S. Trade Cyberthreats"},"content":{"rendered":"<p><a href=\"https:\/\/www.esecurityplanet.com\/threats\/critical-infrastructure-ransomware-attacks-vulnerabilities\/\">Critical infrastructure security<\/a> has moved to the forefront of cybersecurity concerns amid the Russian invasion of Ukraine \u2013 and in at least one case has led to some pretty unique cybersecurity advice.<\/p>\n<p>Despite Russia and the U.S. trading cyber threats \u2013 and one <a href=\"https:\/\/www.nbcnews.com\/politics\/national-security\/biden-presented-options-massive-cyberattacks-russia-rcna17558\" target=\"_blank\" rel=\"noopener\">disputed NBC News report<\/a> that outlined possible options presented to U.S. President Joe Biden for &#8220;massive cyberattacks&#8221; aimed at disrupting the Russian invasion \u2013 initial reports of cyber attacks have in some cases been destructive and damaging, but not anywhere near anyone&#8217;s worst-case fears of utility system attacks, for example.<\/p>\n<p>A <a href=\"https:\/\/www.youtube.com\/watch?v=bZoHePqoBtM\" target=\"_blank\" rel=\"noopener\">SANS webcast<\/a> today outlined some of the cyber attacks seen in the conflict so far. 
Kevin Holvoet of the Centre for Cybersecurity Belgium (CCB) said Russian-sponsored attacks in recent months against Ukraine and other targets have included:<\/p>\n<ul>\n<li><a href=\"https:\/\/www.esecurityplanet.com\/networks\/how-to-stop-ddos-attacks-tips-for-fighting-ddos-attacks\/\">DDoS attacks<\/a> on government, military, finance and communications<\/li>\n<li><a href=\"https:\/\/www.esecurityplanet.com\/threats\/cisa-microsoft-warn-of-wiper-malware\/\">Wiper malware<\/a>, including the latest <a href=\"https:\/\/www.sentinelone.com\/labs\/hermetic-wiper-ukraine-under-attack\/\" target=\"_blank\" rel=\"noopener\">HermeticWiper<\/a> identified by ESET and Symantec<\/li>\n<li>Espionage, which has included <a href=\"https:\/\/www.cisa.gov\/uscert\/ncas\/alerts\/aa22-047a\" target=\"_blank\" rel=\"noopener\">targeting U.S. defense firms<\/a>, and Palo Alto Networks reported the new <a href=\"https:\/\/unit42.paloaltonetworks.com\/sockdetour\/\" target=\"_blank\" rel=\"noopener\">&#8220;SockDetour&#8221; threat<\/a> yesterday<\/li>\n<li>Defacement of websites<\/li>\n<li>A <a href=\"https:\/\/www.esecurityplanet.com\/applications\/how-hackers-compromise-the-software-supply-chain\/\">software supply chain attack<\/a> (Kitsoft)<\/li>\n<li>Influence and disinformation operations<\/li>\n<\/ul>\n<p>U.S. and UK cyber agencies this week also reported a new network device threat called <a href=\"https:\/\/www.cisa.gov\/uscert\/ncas\/alerts\/aa22-054a\" target=\"_blank\" rel=\"noopener\">Cyclops Blink<\/a> from the Russia-connected Sandworm group.<\/p>\n<p>While the worst fears have so far gone unrealized, Tim Conway, technical director of ICS and SCADA programs at SANS, said the worst outcome from a critical infrastructure cyber attack would be long-term crippling damage.<\/p>\n<p>&#8220;The worst thing that could happen is not an outage,&#8221; Conway said. 
&#8220;The worst thing that could happen is the system is kept up so it can be used to damage itself or damage load, and those are much longer-term issues that would take a much longer time to recover from.&#8221;<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-large wp-image-21147\" src=\"https:\/\/www.esecurityplanet.com\/wp-content\/uploads\/2022\/02\/ics-damage-1024x577.png\" alt=\"critical infrastructure security threats\" width=\"696\" height=\"392\" srcset=\"https:\/\/assets.esecurityplanet.com\/uploads\/2022\/02\/ics-damage-1024x577.png 1024w, https:\/\/assets.esecurityplanet.com\/uploads\/2022\/02\/ics-damage-300x169.png 300w, https:\/\/assets.esecurityplanet.com\/uploads\/2022\/02\/ics-damage-768x432.png 768w, https:\/\/assets.esecurityplanet.com\/uploads\/2022\/02\/ics-damage-1536x865.png 1536w, https:\/\/assets.esecurityplanet.com\/uploads\/2022\/02\/ics-damage-150x84.png 150w, https:\/\/assets.esecurityplanet.com\/uploads\/2022\/02\/ics-damage-696x392.png 696w, https:\/\/assets.esecurityplanet.com\/uploads\/2022\/02\/ics-damage-1068x601.png 1068w, https:\/\/assets.esecurityplanet.com\/uploads\/2022\/02\/ics-damage.png 1753w\" sizes=\"(max-width: 696px) 100vw, 696px\" \/><\/p>\n<h2>Protective Steps to Take<\/h2>\n<p>SANS Senior Instructor Jake Williams urged viewers to keep some perspective about the relative likelihood of experiencing a nation-state cyber attack.<\/p>\n<p>&#8220;It is far more likely right now in most organizations that you will suffer an outage due to a self-inflicted injury responding to FUD (fear, uncertainty and doubt) than a Russian government cyber attack,&#8221; Williams said.<\/p>\n<p>Williams urged viewers to focus on the basics, like <a href=\"https:\/\/www.esecurityplanet.com\/threats\/social-engineering-attacks\/\">phishing<\/a>, <a href=\"https:\/\/www.esecurityplanet.com\/products\/best-password-managers\/\">passwords<\/a> and <a 
href=\"https:\/\/www.esecurityplanet.com\/products\/patch-management-software\/\">patching<\/a>\/updating, as those are still the entry point of many attacks. He also recommended a number of additional protection steps:<\/p>\n<ul>\n<li>Tactical and effective logging strategies<\/li>\n<li>Outbound traffic control, including geoblocking<\/li>\n<li>Plan for rapid containment<\/li>\n<li>Implement application control<\/li>\n<li>Inventory <a href=\"https:\/\/www.esecurityplanet.com\/products\/enterprise-vpn-solutions\/\">B2B VPNs<\/a> and block all high-risk protocols (see slide below)<\/li>\n<li>Implement NetFlow monitoring at all egress points<\/li>\n<li>Have contingency plans in place for disconnecting all B2B VPNs, especially high-risk ones<\/li>\n<li>Consider preventing the downloading of unknown drivers<\/li>\n<\/ul>\n<p>Williams said viewers should follow the <a href=\"https:\/\/www.sans.org\/blog\/ukraine-russia-conflict-cyber-resource-center\/\" target=\"_blank\" rel=\"noopener\">SANS Ukraine crisis web page<\/a> for updates.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-large wp-image-21144\" src=\"https:\/\/www.esecurityplanet.com\/wp-content\/uploads\/2022\/02\/notpetya-1-1024x570.png\" alt=\"vpn security\" width=\"696\" height=\"387\" srcset=\"https:\/\/assets.esecurityplanet.com\/uploads\/2022\/02\/notpetya-1-1024x570.png 1024w, https:\/\/assets.esecurityplanet.com\/uploads\/2022\/02\/notpetya-1-300x167.png 300w, https:\/\/assets.esecurityplanet.com\/uploads\/2022\/02\/notpetya-1-768x428.png 768w, https:\/\/assets.esecurityplanet.com\/uploads\/2022\/02\/notpetya-1-1536x855.png 1536w, https:\/\/assets.esecurityplanet.com\/uploads\/2022\/02\/notpetya-1-150x84.png 150w, https:\/\/assets.esecurityplanet.com\/uploads\/2022\/02\/notpetya-1-696x388.png 696w, https:\/\/assets.esecurityplanet.com\/uploads\/2022\/02\/notpetya-1-1068x595.png 1068w, https:\/\/assets.esecurityplanet.com\/uploads\/2022\/02\/notpetya-1.png 1762w\" 
sizes=\"(max-width: 696px) 100vw, 696px\" \/><\/p>\n<p>Also read: <a href=\"https:\/\/www.esecurityplanet.com\/products\/vulnerability-management-software\/\">Top Vulnerability Management Tools<\/a><\/p>\n<h2>Security Measures to Take &#8216;Right Freaking Now&#8217;<\/h2>\n<p>SANS Principal Instructor Mick Douglas posted some <a href=\"https:\/\/twitter.com\/bettersafetynet\/status\/1496496087741480960\" target=\"_blank\" rel=\"noopener\">advice on Twitter<\/a> for security steps to take &#8220;right freaking now&#8221; that generated a lot of interest and will soon be the subject of a SANS blog.<\/p>\n<p>Douglas said &#8220;tighter egress&#8221; \u2013 data leaving your network \u2013 is the one thing he&#8217;d focus on &#8220;right freaking now.&#8221;<\/p>\n<p>&#8220;Watch your egress. <a href=\"https:\/\/www.esecurityplanet.com\/products\/top-ngfw\/\">Firewalls<\/a> work both ways. Carefully monitor outbound traffic. <a href=\"https:\/\/www.esecurityplanet.com\/networks\/dmz-network\/\">DMZ<\/a> servers RESPOND to external requests. Look for DMZ systems initiating outbound. This is what &#8216;phoning home&#8217; [command and control, or C2] looks like.&#8221;<\/p>\n<p>He said geo blocking isn&#8217;t as important a control. &#8220;Don&#8217;t get too hung up on IP address blocks. Geo blocking has some advantages, but the only time Russian groups come from Russian IP space is when they want to rub it in. Start treating the entire internet as hostile&#8230; because it is.&#8221;<\/p>\n<p>See the <a href=\"https:\/\/www.esecurityplanet.com\/products\/best-network-monitoring-tools\/\">Best Network Monitoring Tools<\/a><\/p>\n<h2>Whitelisting, &#8216;Living off the Land&#8217; Controls<\/h2>\n<p>He urged users to implement <a href=\"https:\/\/www.esecurityplanet.com\/applications\/whitelisting-vs-blacklisting-which-is-better\/\">whitelisting<\/a>, or allowlisting, for apps. 
&#8220;App control (used to be called white listing) is no longer a &#8216;nice to have,&#8217;&#8221; he said, calling it &#8220;table stakes. Anyone who claims otherwise is giving dated &amp; dangerous advice.&#8221;<\/p>\n<p>He said an app control list doesn&#8217;t need to be hard. &#8220;Use native logging functions to know the apps that are running on systems,&#8221; he wrote.<\/p>\n<p>If you don&#8217;t have an <a href=\"https:\/\/www.esecurityplanet.com\/products\/edr-solutions\/\">EDR system<\/a>, he recommended Windows SRUM, which has a 30-day rolling view of every .exe file run. He shared links for <a href=\"https:\/\/github.com\/MarkBaggett\/srum-dump\" target=\"_blank\" rel=\"noopener\">single host<\/a> and <a href=\"https:\/\/github.com\/MarkBaggett\/ese-analyst\" target=\"_blank\" rel=\"noopener\">multiple host<\/a> SRUM\/ESE tools.<\/p>\n<p>For monitoring normal application usage on Linux hosts, he said to use <a href=\"https:\/\/access.redhat.com\/documentation\/en-us\/red_hat_enterprise_linux\/8\/html\/security_hardening\/auditing-the-system_security-hardening\" target=\"_blank\" rel=\"noopener\">auditd<\/a> or <a href=\"https:\/\/www.lares.com\/blog\/sysmon-for-linux-test-drive\/\" target=\"_blank\" rel=\"noopener\">sysmon<\/a> for Linux &#8220;if you don&#8217;t have a fancy EDR or something that can track this info.&#8221;<\/p>\n<p>&#8220;You *must* know how your systems are being used for two reasons,&#8221; Douglas said.<\/p>\n<p>The first is for blocking any app not on your accepted list. &#8220;[S]et block alerts at highest priority. It might be legit need, and you&#8217;ll want to fix that right away.&#8221;<\/p>\n<p>The second reason is for &#8220;living off the land&#8221; (LOL) attacks, or using native functionality such as <a href=\"https:\/\/www.esecurityplanet.com\/threats\/powershell-source-of-third-of-critical-security-threats\/\">PowerShell<\/a> to bypass security controls. 
&#8220;They are what state sponsored attackers use when pressured to do so,&#8221; he said. &#8220;They allow attackers to bypass your <a href=\"https:\/\/www.esecurityplanet.com\/products\/antivirus-software\/\">AV<\/a>, and yes likely your EDR.&#8221;<\/p>\n<p>&#8220;Because many orgs over rely on EDR and <a href=\"https:\/\/www.esecurityplanet.com\/products\/siem-tools\/\">SIEM<\/a> now, LOL attacks are highly successful. Attackers blend in. They are using core parts of the OS against you. None of your tools will stop these. You likely already have exclusions for the ports and protocols these tools use.<\/p>\n<p>&#8220;Do NOT believe your heuristics or <a href=\"https:\/\/www.esecurityplanet.com\/threats\/ai-ml-cybersecurity\/\">ML\/AI based tool<\/a> will save you either,&#8221; he said, recommending a <a href=\"https:\/\/www.youtube.com\/watch?v=s19na5Iob6A\" target=\"_blank\" rel=\"noopener\">talk<\/a> by TrustedSec founder David Kennedy.<\/p>\n<p>Note: Symantec last year added a &#8220;living off the land&#8221; protection feature to <a href=\"https:\/\/www.esecurityplanet.com\/products\/edr-solutions\/#symantec\">its EDR offering<\/a> to turn off unused system tools.<\/p>\n<h2>Bypassing &#8216;Every Single Control&#8217;<\/h2>\n<p>Douglas said his small five-year-old company has bypassed &#8220;every single control&#8221; in a $17,000 lab with a three-node Proxmox cluster and a 14TB NAS system.<\/p>\n<p>&#8220;I can emulate most orgs, or a significant portion of them,&#8221; he said. &#8220;If my boutique infosec consultancy has these resources&#8230;what does a state sponsored one have?&#8221;<\/p>\n<p><a href=\"https:\/\/www.esecurityplanet.com\/networks\/incident-response-how-to-prepare-for-attacks-and-breaches\/\">Incident response<\/a> plans should have rapid host- and network-level isolation workflows based on his recommended controls. &#8220;Drill it,&#8221; he said. 
&#8220;You&#8217;re going to need to work at a speed you likely haven&#8217;t before.&#8221;<\/p>\n<p>Security teams should increase logging while filtering out non-essential things and shortening the retention length for the data you don&#8217;t need long-term. &#8220;Many logs age like milk,&#8221; he said, adding, &#8220;looking at you DNS logs.&#8221;<\/p>\n<p>&#8220;Once the attackers are in, you only need to detect them once,&#8221; he said. &#8220;You have the best CTI [cyber <a href=\"https:\/\/www.esecurityplanet.com\/products\/threat-intelligence-platforms\/\">threat intelligence<\/a>] at your fingertips. Leverage CTI feeds if you have them. Your hosts tell you how they&#8217;re being used and abused. Start listening.<\/p>\n<p>&#8220;Prevent isn&#8217;t possible. Try anyway. Move to a detect and respond model. That&#8217;s our path to victory.&#8221;<\/p>\n<blockquote><p>&#8216;It&#8217;s an awful choice, but if I only get one network change right now, I&#8217;m taking tighter egress&#8217;<\/p><\/blockquote>\n<p>One follower asked about &#8220;dropping bogons, route filtering, dropping unsolicited traffic right at the edge routers, IPv6 security measures, stateful firewalling to accept only established, related &amp; intentionally exposed ports.&#8221;<\/p>\n<p>Douglas said those are all things security pros should do, but he added: &#8220;This list is a triaged set of stuff an org should do *right freaking now* if they&#8217;ve not done so already. 
It&#8217;s an awful choice, but if I only get one network change right now&#8230; I&#8217;m taking tighter egress.&#8221;<\/p>\n<p>Further reading: <a href=\"https:\/\/www.esecurityplanet.com\/networks\/best-incident-response-tools-services\/\">Best Incident Response Tools and Software<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Critical infrastructure security has moved to the forefront of cybersecurity concerns amid the Russian invasion of Ukraine \u2013 and in at least one case has led to some pretty unique cybersecurity advice. Despite Russia and the U.S. trading cyber threats \u2013 and one disputed NBC News report that outlined possible options presented to U.S. President [&hellip;]<\/p>\n","protected":false},"author":163,"featured_media":21147,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_gazelle_contributing_experts":"","footnotes":""},"categories":[14,15,16],"tags":[],"b2b_audience":[],"b2b_industry":[],"b2b_product":[],"class_list":["post-21136","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-networks","category-threats","category-trends"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.9 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>SANS Outlines Critical Infrastructure Security Steps as Russia, U.S. Trade Cyberthreats | eSecurity Planet<\/title>\n<meta name=\"description\" content=\"Critical infrastructure security is in the spotlight as Russia invades Ukraine. 
Here are some protection steps to take.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.esecurityplanet.com\/networks\/critical-infrastructure-security-steps-russia\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"SANS Outlines Critical Infrastructure Security Steps as Russia, U.S. Trade Cyberthreats | eSecurity Planet\" \/>\n<meta property=\"og:description\" content=\"Critical infrastructure security is in the spotlight as Russia invades Ukraine. Here are some protection steps to take.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.esecurityplanet.com\/networks\/critical-infrastructure-security-steps-russia\/\" \/>\n<meta property=\"og:site_name\" content=\"eSecurity Planet\" \/>\n<meta property=\"article:published_time\" content=\"2022-02-25T20:50:06+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-04-17T18:32:11+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/assets.esecurityplanet.com\/uploads\/2022\/02\/ics-damage.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1753\" \/>\n\t<meta property=\"og:image:height\" content=\"987\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Paul Shread\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@eSecurityPlanet\" \/>\n<meta name=\"twitter:site\" content=\"@eSecurityPlanet\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Paul Shread\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/critical-infrastructure-security-steps-russia\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/critical-infrastructure-security-steps-russia\/\"},\"author\":{\"name\":\"Paul Shread\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/ff409b3839bb3ee2e8f2a1ec6f4d6d04\"},\"headline\":\"SANS Outlines Critical Infrastructure Security Steps as Russia, U.S. Trade Cyberthreats\",\"datePublished\":\"2022-02-25T20:50:06+00:00\",\"dateModified\":\"2023-04-17T18:32:11+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/critical-infrastructure-security-steps-russia\/\"},\"wordCount\":1262,\"publisher\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/critical-infrastructure-security-steps-russia\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2022\/02\/ics-damage.png\",\"articleSection\":[\"Networks\",\"Threats\",\"Trends\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/critical-infrastructure-security-steps-russia\/\",\"url\":\"https:\/\/www.esecurityplanet.com\/networks\/critical-infrastructure-security-steps-russia\/\",\"name\":\"SANS Outlines Critical Infrastructure Security Steps as Russia, U.S. 
Trade Cyberthreats | eSecurity Planet\",\"isPartOf\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/critical-infrastructure-security-steps-russia\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/critical-infrastructure-security-steps-russia\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2022\/02\/ics-damage.png\",\"datePublished\":\"2022-02-25T20:50:06+00:00\",\"dateModified\":\"2023-04-17T18:32:11+00:00\",\"description\":\"Critical infrastructure security is in the spotlight as Russia invades Ukraine. Here are some protection steps to take.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/critical-infrastructure-security-steps-russia\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.esecurityplanet.com\/networks\/critical-infrastructure-security-steps-russia\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/critical-infrastructure-security-steps-russia\/#primaryimage\",\"url\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2022\/02\/ics-damage.png\",\"contentUrl\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2022\/02\/ics-damage.png\",\"width\":1753,\"height\":987,\"caption\":\"critical infrastructure security threats\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/critical-infrastructure-security-steps-russia\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.esecurityplanet.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"SANS Outlines Critical Infrastructure Security Steps as Russia, U.S. 
Trade Cyberthreats\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#website\",\"url\":\"https:\/\/www.esecurityplanet.com\/\",\"name\":\"eSecurity Planet\",\"description\":\"Industry-leading guidance and analysis for how to keep your business secure.\",\"publisher\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.esecurityplanet.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#organization\",\"name\":\"eSecurityPlanet\",\"url\":\"https:\/\/www.esecurityplanet.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2020\/10\/eSecurity_logo_MainLogo.png\",\"contentUrl\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2020\/10\/eSecurity_logo_MainLogo.png\",\"width\":1134,\"height\":375,\"caption\":\"eSecurityPlanet\"},\"image\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/eSecurityPlanet\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/ff409b3839bb3ee2e8f2a1ec6f4d6d04\",\"name\":\"Paul Shread\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2022\/09\/EDITED-HH-85962095_Paul_Shread_20220906_144803_edited-150x150.jpg\",\"contentUrl\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2022\/09\/EDITED-HH-85962095_Paul_Shread_20220906_144803_edited-150x150.jpg\",\"caption\":\"Paul Shread\"},\"description\":\"Former eSecurityPlanet Editor Paul Shread has covered nearly every aspect of enterprise 
technology in his 20+ years in IT journalism, including award-winning articles on endpoint security and virtual data centers. He wrote a column on small business technology for Time.com, and covered financial markets for 10 years, from the dot-com boom and bust to the 2007-2009 financial crisis. He holds market analyst and cybersecurity certifications. In a previous life he worked for daily newspapers, including the Baltimore Sun, and spent 7 years covering the federal government. Al Haig once compared him to Bob Woodward (true story - just ask Google).\",\"url\":\"https:\/\/www.esecurityplanet.com\/author\/paul-shread-2\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"SANS Outlines Critical Infrastructure Security Steps as Russia, U.S. Trade Cyberthreats | eSecurity Planet","description":"Critical infrastructure security is in the spotlight as Russia invades Ukraine. Here are some protection steps to take.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.esecurityplanet.com\/networks\/critical-infrastructure-security-steps-russia\/","og_locale":"en_US","og_type":"article","og_title":"SANS Outlines Critical Infrastructure Security Steps as Russia, U.S. Trade Cyberthreats | eSecurity Planet","og_description":"Critical infrastructure security is in the spotlight as Russia invades Ukraine. 
Here are some protection steps to take.","og_url":"https:\/\/www.esecurityplanet.com\/networks\/critical-infrastructure-security-steps-russia\/","og_site_name":"eSecurity Planet","article_published_time":"2022-02-25T20:50:06+00:00","article_modified_time":"2023-04-17T18:32:11+00:00","og_image":[{"width":1753,"height":987,"url":"https:\/\/assets.esecurityplanet.com\/uploads\/2022\/02\/ics-damage.png","type":"image\/png"}],"author":"Paul Shread","twitter_card":"summary_large_image","twitter_creator":"@eSecurityPlanet","twitter_site":"@eSecurityPlanet","twitter_misc":{"Written by":"Paul Shread","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.esecurityplanet.com\/networks\/critical-infrastructure-security-steps-russia\/#article","isPartOf":{"@id":"https:\/\/www.esecurityplanet.com\/networks\/critical-infrastructure-security-steps-russia\/"},"author":{"name":"Paul Shread","@id":"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/ff409b3839bb3ee2e8f2a1ec6f4d6d04"},"headline":"SANS Outlines Critical Infrastructure Security Steps as Russia, U.S. 
Trade Cyberthreats","datePublished":"2022-02-25T20:50:06+00:00","dateModified":"2023-04-17T18:32:11+00:00","mainEntityOfPage":{"@id":"https:\/\/www.esecurityplanet.com\/networks\/critical-infrastructure-security-steps-russia\/"},"wordCount":1262,"publisher":{"@id":"https:\/\/www.esecurityplanet.com\/#organization"},"image":{"@id":"https:\/\/www.esecurityplanet.com\/networks\/critical-infrastructure-security-steps-russia\/#primaryimage"},"thumbnailUrl":"https:\/\/assets.esecurityplanet.com\/uploads\/2022\/02\/ics-damage.png","articleSection":["Networks","Threats","Trends"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.esecurityplanet.com\/networks\/critical-infrastructure-security-steps-russia\/","url":"https:\/\/www.esecurityplanet.com\/networks\/critical-infrastructure-security-steps-russia\/","name":"SANS Outlines Critical Infrastructure Security Steps as Russia, U.S. Trade Cyberthreats | eSecurity Planet","isPartOf":{"@id":"https:\/\/www.esecurityplanet.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.esecurityplanet.com\/networks\/critical-infrastructure-security-steps-russia\/#primaryimage"},"image":{"@id":"https:\/\/www.esecurityplanet.com\/networks\/critical-infrastructure-security-steps-russia\/#primaryimage"},"thumbnailUrl":"https:\/\/assets.esecurityplanet.com\/uploads\/2022\/02\/ics-damage.png","datePublished":"2022-02-25T20:50:06+00:00","dateModified":"2023-04-17T18:32:11+00:00","description":"Critical infrastructure security is in the spotlight as Russia invades Ukraine. 
Here are some protection steps to take.","breadcrumb":{"@id":"https:\/\/www.esecurityplanet.com\/networks\/critical-infrastructure-security-steps-russia\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.esecurityplanet.com\/networks\/critical-infrastructure-security-steps-russia\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.esecurityplanet.com\/networks\/critical-infrastructure-security-steps-russia\/#primaryimage","url":"https:\/\/assets.esecurityplanet.com\/uploads\/2022\/02\/ics-damage.png","contentUrl":"https:\/\/assets.esecurityplanet.com\/uploads\/2022\/02\/ics-damage.png","width":1753,"height":987,"caption":"critical infrastructure security threats"},{"@type":"BreadcrumbList","@id":"https:\/\/www.esecurityplanet.com\/networks\/critical-infrastructure-security-steps-russia\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.esecurityplanet.com\/"},{"@type":"ListItem","position":2,"name":"SANS Outlines Critical Infrastructure Security Steps as Russia, U.S. 
Trade Cyberthreats"}]},{"@type":"WebSite","@id":"https:\/\/www.esecurityplanet.com\/#website","url":"https:\/\/www.esecurityplanet.com\/","name":"eSecurity Planet","description":"Industry-leading guidance and analysis for how to keep your business secure.","publisher":{"@id":"https:\/\/www.esecurityplanet.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.esecurityplanet.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.esecurityplanet.com\/#organization","name":"eSecurityPlanet","url":"https:\/\/www.esecurityplanet.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.esecurityplanet.com\/#\/schema\/logo\/image\/","url":"https:\/\/assets.esecurityplanet.com\/uploads\/2020\/10\/eSecurity_logo_MainLogo.png","contentUrl":"https:\/\/assets.esecurityplanet.com\/uploads\/2020\/10\/eSecurity_logo_MainLogo.png","width":1134,"height":375,"caption":"eSecurityPlanet"},"image":{"@id":"https:\/\/www.esecurityplanet.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/eSecurityPlanet"]},{"@type":"Person","@id":"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/ff409b3839bb3ee2e8f2a1ec6f4d6d04","name":"Paul Shread","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/image\/","url":"https:\/\/assets.esecurityplanet.com\/uploads\/2022\/09\/EDITED-HH-85962095_Paul_Shread_20220906_144803_edited-150x150.jpg","contentUrl":"https:\/\/assets.esecurityplanet.com\/uploads\/2022\/09\/EDITED-HH-85962095_Paul_Shread_20220906_144803_edited-150x150.jpg","caption":"Paul Shread"},"description":"Former eSecurityPlanet Editor Paul Shread has covered nearly every aspect of enterprise technology in his 20+ years in IT journalism, including award-winning articles on endpoint security and virtual data centers. 
He wrote a column on small business technology for Time.com, and covered financial markets for 10 years, from the dot-com boom and bust to the 2007-2009 financial crisis. He holds market analyst and cybersecurity certifications. In a previous life he worked for daily newspapers, including the Baltimore Sun, and spent 7 years covering the federal government. Al Haig once compared him to Bob Woodward (true story - just ask Google).","url":"https:\/\/www.esecurityplanet.com\/author\/paul-shread-2\/"}]}},"_links":{"self":[{"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/posts\/21136"}],"collection":[{"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/users\/163"}],"replies":[{"embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/comments?post=21136"}],"version-history":[{"count":0,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/posts\/21136\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/media\/21147"}],"wp:attachment":[{"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/media?parent=21136"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/categories?post=21136"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/tags?post=21136"},{"taxonomy":"b2b_audience","embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/b2b_audience?post=21136"},{"taxonomy":"b2b_industry","embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/b2b_industry?post=21136"},{"taxonomy":"b2b_product","embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/b2b_product?post=21136"}],"curies":[{"name":"wp","href":"http
s:\/\/api.w.org\/{rel}","templated":true}]}}