
Planning for a Nation-State Cyber Attack — Are You Ready?

Some global experts are predicting a significant cyber attack against U.S. and UK critical infrastructure if Russia invades Ukraine. Whether it happens or not, is your organization prepared for this scenario?     

NEW YORK — JAN. 22, 2022: Hundreds of people holding signs and flags participated in a “Stand With Ukraine” rally in Union Square amid threat of Russian invasion of Ukraine.
Shutterstock/Ron Adar
Warnings are pouring in from all over the world about the U.S. and U.K. domestic impacts resulting from a potential attack on Ukraine from Russia. Assuming the U.S. imposes sanctions or takes other retaliatory measures against Russia should an invasion occur, experts say that cyber attacks could be launched against U.S. and U.K. businesses and even government agencies.

Consider these recent headlines:

Financial Times, “UK regulator warns banks over threat of Russian-sponsored cyber attack”: “The UK’s financial regulator has told banks to strengthen and test their defences against the threat of Russian-sponsored cyber attacks as the stand-off over the future of Ukraine deepens. Large banks with operations in the UK have been warned over the heightened risks stemming from Russia’s build-up of more than 100,000 troops around Ukraine, according to two executives who received a so-called ‘dear CEO’ letter from the Financial Conduct Authority.”

Wall Street Journal, “Russia’s Massive Military Drills on Ukraine Border Stir Invasion Fears”: “Russia kicked off large-scale military exercises in Belarus on its western borders with Poland and Lithuania and along its southern flank near Ukraine, an escalation of the standoff between Moscow and Western powers and a possible precursor to a Russian invasion of a smaller neighbor.

“Western officials believe the Russian exercises in Belarus could open a possible new vector to launch an attack on Ukraine, adding to the 100,000 troops Moscow has already deployed to the Russian-Ukrainian border. The Kremlin says the military activity is in response to a threat from the West to its own security.”

CNBC, “Biden tells U.S. citizens to leave Ukraine immediately amid ‘troubling’ signs of Russian escalation”: “President Joe Biden has issued a warning that U.S. citizens should leave Ukraine immediately as tensions with Russia over its military activity continue to intensify.

“‘American citizens should leave. … Leave now,’ Biden told NBC News’ Lester Holt on Thursday night. ‘We’re dealing with one of the largest armies in the world. This is a very different situation, and things could go crazy quickly.’”


Here are some more recent headlines that outline the potential of cyber attacks against the U.S. and other countries:

Newsweek, “Russia Could Launch Cyber Attacks Against U.S. if Biden Sends Wrong Signals, Intel Warns”: “In a new memo obtained by Newsweek, the Department of Homeland Security has warned of Russia's potential to launch cyberattacks against the United States in response to a possible escalation of the crisis unfolding at the border with Ukraine. …

“‘We assess that Russia would consider initiating a cyber attack against the Homeland if it perceived a U.S. or NATO response to a possible Russian invasion of Ukraine threatened its long-term national security,’ the memo, dated January 23 and attributed to the Office of Intelligence and Analysis, reads in bold text.”

Politico, “On Ukraine, senators put cyberattacks top-of-list for sanctions”: “Leaders of the Senate Foreign Relations Committee say a Russian cyberattack against Ukraine would be high on the list of acts to prompt sanctions against Vladimir Putin’s regime, even before an invasion. …

“President Joe Biden has said the U.S. would retaliate with its own cyberattacks if Russia launches a major cyber strike in Ukraine, but has not publicly committed to levying sanctions for cyberattacks. Sanctions could be seen as equally damaging to Russia as they stand to cripple the economy and isolate Russia from international trade.”

Reuters, “European, U.S. regulators tell banks to prepare for Russian cyberattack threat”: “The European Central Bank is preparing banks for a possible Russian-sponsored cyber attack as tensions with Ukraine mount, two people with knowledge of the matter said, as the region braces for the financial fallout of any conflict.”


Regardless of whether you believe Russia will attack Ukraine over the next few months, it is important for all enterprises to prepare for this scenario. Other related cyber attack scenarios include a Chinese invasion of Taiwan.

Scenario planning for cyber attacks is the norm for smart public- and private-sector enterprises. A nation-state attack of this kind is often treated as the worst-case scenario, which is why some are reluctant to discuss it openly in the media. Nevertheless, in my opinion, it is an important topic for state and local governments to consider given the current situation with Russia and Ukraine.

This article from James Lewis at the Center for Strategic and International Studies (CSIS) earlier this month provides some good background and context on “Russia and the Threat of Massive Cyberattack.”

In addition, the Cybersecurity and Infrastructure Security Agency (CISA) released this important alert in January, and I published this blog on the topic last month, saying to pay attention.

The Multi-State Information Sharing and Analysis Center (MS-ISAC) released two papers called “From Russia ... With Love?,” a two-part series on the history of Russian involvement with cyber crime. Part 1 highlights the history of Russian governmental influence in cyber crime up to the present day. Part 2 details the global implications of the Russian government’s influence in cyber crime, including the impact on the state and local government community and recommendations for mounting an effective cyber defense. 

I urge all state and local governments to be on the lookout for additional alerts and updates from the MS-ISAC. Other ISACs, such as the Research and Education Networks Information Sharing and Analysis Center (REN-ISAC), will also have timely, actionable updates to this situation.

This report from CyberWire offers a CISA update that includes 18 new industrial control system advisories that were just released this week. Also from the report: “CISA also added fifteen new entries to its Known Vulnerabilities Catalog. All US Federal Civilian Executive Branch Agencies (FCEB Agencies) are required to remediate each vulnerability by a specified date. Agencies have until August 10th of this year to address fourteen of them, but one, CVE-2021-36934, a Microsoft Windows SAM Local Privilege Escalation Vulnerability, requires more urgency, and must be mitigated by February 24th.”
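The CyberWire excerpt above describes the operational rule behind the Known Exploited Vulnerabilities (KEV) catalog: every entry carries a remediation due date, and the dates are not uniform. The following Python script is an added example, not code from this article, CyberWire or CISA. It shows how a defender can load the catalog, keep only the entries that match an asset inventory, and sort what remains by due date. It assumes the field names of CISA’s public KEV JSON feed (cveID, vendorProject, product, vulnerabilityName, dateAdded, requiredAction, dueDate); the catalog sample and the inventory are constructed inline, and the second CVE identifier is a placeholder standing in for one of the fourteen August 10 items.

```python
import json
from datetime import date

# Constructed sample shaped like CISA's KEV JSON feed. The field names are those
# of the real feed; the entries themselves are illustrative. CVE-2021-36934 and its
# 2022-02-24 due date come from the CyberWire excerpt; the second entry is a
# placeholder standing in for one of the fourteen items due on 2022-08-10.
SAMPLE_KEV_JSON = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "catalogVersion": "constructed-sample",
    "vulnerabilities": [
        {
            "cveID": "CVE-2021-36934",
            "vendorProject": "Microsoft",
            "product": "Windows",
            "vulnerabilityName": "Microsoft Windows SAM Local Privilege Escalation Vulnerability",
            "dateAdded": "2022-02-10",          # constructed value
            "requiredAction": "Apply updates per vendor instructions.",
            "dueDate": "2022-02-24",
        },
        {
            "cveID": "CVE-XXXX-PLACEHOLDER",    # placeholder, not a real identifier
            "vendorProject": "ExampleVendor",
            "product": "ExampleProduct",
            "vulnerabilityName": "Placeholder entry (constructed)",
            "dateAdded": "2022-02-10",
            "requiredAction": "Apply updates per vendor instructions.",
            "dueDate": "2022-08-10",
        },
    ],
})

# Constructed asset inventory as (vendorProject, product) pairs. In practice this
# would be exported from a CMDB or vulnerability scanner.
SAMPLE_INVENTORY = {("Microsoft", "Windows"), ("ExampleVendor", "OtherProduct")}


def load_kev(raw_json):
    """Parse the KEV feed and return its list of vulnerability records."""
    return json.loads(raw_json)["vulnerabilities"]


def due_status(entry, today, horizon_days=14):
    """Classify one KEV entry relative to `today`: overdue, due_soon, or scheduled."""
    due = date.fromisoformat(entry["dueDate"])
    days_left = (due - today).days
    if days_left < 0:
        return "overdue", days_left
    if days_left <= horizon_days:
        return "due_soon", days_left
    return "scheduled", days_left


def triage(raw_json, today, inventory=None, horizon_days=14):
    """Return KEV entries as dicts sorted by due date, soonest first.

    `today` may be a date or an ISO-8601 string. When an inventory is given, only
    entries whose (vendorProject, product) pair appears in it are kept, so the
    list reflects what the organization actually has to remediate.
    """
    if isinstance(today, str):
        today = date.fromisoformat(today)
    rows = []
    for entry in load_kev(raw_json):
        key = (entry["vendorProject"], entry["product"])
        if inventory is not None and key not in inventory:
            continue
        status, days_left = due_status(entry, today, horizon_days)
        rows.append({
            "cveID": entry["cveID"],
            "dueDate": entry["dueDate"],
            "status": status,
            "days_left": days_left,
            "requiredAction": entry["requiredAction"],
        })
    rows.sort(key=lambda r: r["dueDate"])
    return rows


if __name__ == "__main__":
    # Run against the constructed sample as of 2022-02-14; only the Windows entry
    # matches the inventory and it is flagged as due within the 14-day horizon.
    for row in triage(SAMPLE_KEV_JSON, "2022-02-14", SAMPLE_INVENTORY):
        print(f'{row["cveID"]:<22} due {row["dueDate"]}  {row["status"]:<9} '
              f'({row["days_left"]:+d} days)  {row["requiredAction"]}')
```

Swapping `SAMPLE_KEV_JSON` for the downloaded feed and `SAMPLE_INVENTORY` for a real export turns this into a daily check; the inventory filter matters because the full catalog contains many products an organization does not run, and the due-date sort surfaces the short-fuse entries first.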

Although a bit dated, the National Institute of Standards and Technology (NIST) offers this good material to review from an RSA Conference as you think through what is called “Extreme Cyber Scenario Planning and Fault Tree Analysis.”

NIST Special Publication 800-184 offers a Guide for Cybersecurity Event Recovery, and I urge readers to visit the wider NIST Computer Security Resource Center, which has many other helpful planning documents.

Another excellent resource is this Joint Cybersecurity Advisory released this week on ransomware, with excellent threat information as well as many great mitigation steps and checklists to help.


According to this Atlantic Council webcast, which I highly recommend, Feb. 20 is a key date for determining what will happen in Ukraine.

I also like this Microsoft blog from December 2021 which describes the final report on NOBELIUM’s unprecedented nation-state attack: “This is the final post in a four-part series on the NOBELIUM nation-state cyberattack. In December 2020, Microsoft began sharing details with the world about what became known as the most sophisticated nation-state cyberattack in history. Microsoft’s four-part video series ‘Decoding NOBELIUM’ pulls the curtain back on the NOBELIUM incident and how world-class threat hunters from Microsoft and around the industry came together to take on the most sophisticated nation-state attack in history. In this last post, we’ll reflect on lessons learned as covered in the fourth episode of the docuseries.

“Nation-state attacks are a serious and growing threat that organizations of all sizes face. Their primary objective is to gain strategic advantage for their country, such as by stealing secrets, gathering cyber intelligence, conducting reconnaissance, or disrupting operations. These efforts are typically conducted by state-sponsored actors with significant expertise and funding, making them a particularly challenging adversary to defend against.”


I was reluctant to write this blog at this time because some will accuse me of fear-mongering. Nevertheless, I believe it is my duty to elevate this conversation and ask the questions: Have you prepared for this nation-state cyber attack scenario whenever it may come? Are you ready?

I want to close with one more development from this past week. Cyber Security News highlights the White House plans for water utilities along with tech reporting requirements.

This report is another example of a sector that needs to urgently address its cybersecurity protections, alongside the other critical infrastructure areas. If the current situation lights a fire under those actions, that will be a positive development.

Of course, we all hope to avoid the need to defend against a full-scale nation-state cyber attack — at any time. But the time to “hope for the best but prepare for the worst” is now.
Daniel J. Lohrmann is an internationally recognized cybersecurity leader, technologist, keynote speaker and author.