By Andrew Ramspacher, University Communications, fpa5up@virginia.edu, +1 434-924-6856
Think before responding to a suspicious email, use virtual private networks when possible and, yes, take time to update your laptop software.
Ryan Wright, an IT security and privacy expert in the University of Virginia’s McIntire School of Commerce, gave UVA Today these tips when asked what the everyday U.S. citizen should be doing to prepare for a possible Russian cyberattack as the war in Ukraine progresses.
Wright, the C. Coleman McGehee Professor of Commerce and McIntire’s Associate Dean for Faculty and Research, acknowledged the inconvenience that comes with the last bit of his advice – “The annoying updates that everyone puts off,” he said – but knows that any piece of proactivity can be beneficial during these unpredictable times.
As a reaction to the severe sanctions placed on it, Russia is likely to target the U.S. at some point, Wright said.
“While it’s really hard to say when it’ll happen, I think it’s key to start having a sense of vigilance,” he said. “The organizations and the cybersecurity professionals, yeah, they’re always vigilant, but I think what’s different now is to raise the average person’s awareness.
“We’ve talked a lot since 9/11 about, ‘You see something, you say something.’ Well, I think that is what we now need to translate into the cyberworld. So if something is happening on your machine, if something is happening on the machine of someone you know, or something just strange is going on, this is one of those times when you need to see it and you say it. And that actually helps organizations and helps people respond to those incidents.”
Recent history suggests Russia is more than capable of a cyber ambush. In April 2021, the U.S. government formally attributed the SolarWinds intrusion – an attack on a Texas-based software supply chain that compromised thousands and allowed infiltration of U.S. government networks – to the Russian Foreign Intelligence Service.
What has the U.S. done since to shore up its defense? Kristen Eichensehr, a former Special Assistant to the Legal Adviser of the U.S. Department of State and current director of UVA’s National Security Law Center, said executive edicts have moved the nation to a stronger cybersecurity footing.
“In the wake of SolarWinds, the Biden administration issued an executive order that was aimed at better securing U.S. government systems, which makes sense because that’s what was ultimately compromised with SolarWinds,” said Eichensehr, a Martha Lubin Karsh and Bruce A. Karsh Bicentennial Professor of Law. “So that’s doing things to harden the defenses and make more U.S. government systems more resilient.
“In recent weeks, the Biden administration has been advocating that private sector entities look to that executive order for guidance on what they, too, should be doing. This is all in the spirit of hardening defenses, making attacks less likely to succeed, and also making companies more resilient. Resilience means helping entities to come back online faster and to contain damage when things do happen.”
On March 8, it was announced that Mandiant, the Reston-based cybersecurity firm that uncovered the SolarWinds attack, was purchased by Google for $5.4 billion.
“This is really important, just looking at it from a market impact,” Wright said. “The market values this type of intelligence so much that the big tech companies are coming in and buying these other companies up that are doing a really good job of protecting us.”
Both Wright and Eichensehr agree that U.S. consumers could feel the impact of a cyberattack in surprising and frustrating ways, such as with their online banking.
“You go to log in and the website is down,” Eichensehr said. “That’s not really a destructive attack. That’s more of a nuisance. We’ve seen in the course of the Ukraine conflict in the last couple of weeks some distributed denial-of-service attacks that have taken websites in Ukraine offline. So consumers could see unavailability of a particular website.”
Added Wright, “The most probable is ransomware attacks against financial organizations, where they disrupt the ability to do the day-to-day things – so being able to access your bank, getting your bills paid, those types of things.”
In the meantime, Americans are encouraged to stay vigilant.
“The things that people can do individually can be very important,” Eichensehr said. “Making sure that your phone and your laptop are running the latest, up-to-date software can help. Also, turning on multifactor authentication. And just trying to better secure everything.”