June 1, 2022 By Jennifer Gregory 2 min read

U.S. Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly highlighted the importance of defending against Russian cyberattacks in a recent interview. 

“We are seeing evolving intelligence about Russians planning for potential attacks,” she told 60 Minutes. “We have to assume that there is going to be a breach, there is going to be an incident, there is going to be an attack.”

When asked why the average American should be concerned, she responded that everything we do in our daily life – pumping gas, buying food, using an ATM, power, water and communication – all depend on critical infrastructure. Easterly explained that this critical infrastructure is what is at potential risk.

“We are seeing Russian state actors scanning, probing, looking for opportunity, looking for weaknesses on critical infrastructure, on businesses,” Easterly said. “Think of it as a burglar going around trying to jiggle the lock in your house door to see if it’s open.

Precedent set for nation-state attacks

“I think we are dealing with a very dangerous, very sophisticated, very well-resourced cyber actor,” said Easterly.

When asked about sectors likely to be targeted, Easterly said the Russian playbook includes targeting the energy sector. Robert Lee, former National Security Agency hacker and co-founder of cybersecurity company Dragos, added that Russia is the only country that has expertise in taking down cyber powers.

In 2015, Lee looked into an attack where the Russian state broke into three different Ukraine power companies. In the end, the attack took over 60 substations off the grid in the dead of winter. This caused blackouts for over 225,000 customers. Easterly also discussed rumors that the financial services industry was a target. She explained that this was likely to strike back over sanctions against Russia.

CISA’s answer: National awareness campaign

In April, CISA launched Shields Up, a national campaign aimed to increase awareness and share information about potential attacks. Social media campaigns have focused on getting consumers to update software apps and use multifactor authentication on their phones. The Shields Up website provides time-sensitive updates about the threat of a Russian cyberattack. Easterly cautions that the Shields Up website is about being ready and not about making people panic. Instead, she wants everyone to assume that cyber threats will happen and to prepare. The website also provides guidance for organizations, including:

  • Reduce the likelihood of a damaging cyber intrusion
  • Take steps to quickly detect a potential intrusion
  • Ensure that the organization can respond if an intrusion occurs
  • Maximize resilience to a destructive cyber incident.

By getting the word out to businesses and the general public, the U.S. can be more prepared for a potential nation-state cyberattack and ideally prevent it from happening.

If you have questions and want a deeper discussion about the malware and prevention techniques, you can schedule a briefing here. Get the latest updates as more information develops on the IBM Security X-Force Exchange and the IBM PSIRT blog.

If you are experiencing cybersecurity issues or an incident, contact X-Force to help: US hotline 1-888-241-9812 | Global hotline (+001) 312-212-8034.

More cybersecurity threat resources are available here.

More from News

We are moving!

< 1 min read - SecurityIntelligence.com is being sunset, but have no fear!We have a new home for all of your favorite security and X-Force content.Follow us to www.ibm.com/think to maintain access to the stories and news you love, both new and old.Security Intelligence will officially sunset on Friday, March 28, 2025. To access the latest security thought leadership, go here. To access the latest X-Force research, go here.If you are experiencing cybersecurity issues or an incident, contact X-Force® to help:US hotline: 1-888-241-9812 | Global hotline:…

FYSA — VMware Critical Vulnerabilities Patched

< 1 min read - SummaryBroadcom has released a security bulletin, VMSA-2025-0004, addressing and remediating three vulnerabilities that, if exploited, could lead to system compromise. Products affected include vCenter Server, vRealize Operations Manager, and vCloud Director.Threat TopographyThreat Type: Critical VulnerabilitiesIndustry: VirtualizationGeolocation: GlobalOverviewX-Force Incident Command is monitoring activity surrounding Broadcom’s Security Bulletin (VMSA-2025-0004) for three potentially critical vulnerabilities in VMware products. These vulnerabilities, identified as CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226, have reportedly been exploited in attacks. X-Force has not been able to validate those claims. The vulnerabilities…

Insights from CISA’s red team findings and the evolution of EDR

3 min read - A recent CISA red team assessment of a United States critical infrastructure organization revealed systemic vulnerabilities in modern cybersecurity. Among the most pressing issues was a heavy reliance on endpoint detection and response (EDR) solutions, paired with a lack of network-level protections. These findings underscore a familiar challenge: Why do organizations place so much trust in EDR alone, and what must change to address its shortcomings? EDR’s double-edged sword A cornerstone of cyber resilience strategy, EDR solutions are prized for…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today