New Jersey may not be at the top of the Kremlin’s list of targets, but with the Russian-Ukrainian war at the center of the virtual space, the risk is substantial for New Jersey to feel the pain of the conflict.
New Jersey businesses, infrastructure, and financial institutions have been warned that they need to beef up their existing cybersecurity.
“We have as good a set of protocols in place as you can hope for,” Gov. Phil Murphy said during a recent interview with radio station WCBS 880. “But that doesn’t mean we’re not. not vulnerable in one form or another.”
A series of bulletins have been issued over the past month by New Jersey’s Cybersecurity and Communications Integration Cell – a branch of the state’s Department of Homeland Security – warning of an escalation on the cyber front. .
Attacks can range from distributed denial of service attacks, which can crash a server; ransomware attacks like the ones that shut down the Colonial Pipeline last spring, or “wipe attacks” that can destroy data and digital records on a targeted machine.
Infrastructure such as pipelines and the power grid, as well as state and local governments or private businesses, could all be at risk, state officials have warned — whether from the Kremlin themselves or from another country or group.
Intelligence groups, including the NJCCIC and the US Department of Homeland Security, have issued a series of recommendations for businesses focused on preparedness, developing a response plan, and implementing controls and the necessary infrastructure.
“As the crisis in Ukraine continues to escalate, it is likely that Russia’s aggressive cyber activity will increase and expand beyond its original Ukrainian government, military, energy and utility targets. finance,” read an NJCCIC bulletin from Feb. 24, the day Russia started. his offense.
“Russia, and those aligned with its efforts, will continue to conduct disruptive and destructive cyber attacks, cyber espionage and information operations against Ukraine and any government or group supporting Ukraine or opposing the invasion of Ukraine. Ukraine by Russia,” the bulletin added.
In 2017, Russia launched a malicious attack on Ukraine’s private sector that quickly spread globally, affecting both the port of Newark and the Kinnelon-based global drugmaker Merck.
A Super Court judge only ruled last month in favor of Merck’s $1.4 billion insurance claim from the attack, known as NotPeya. Merck’s insurers tried to dismiss the claim, saying the cyberattack was an act of war and not covered by their policy, but the courts disagreed.
“The United States could very well come under a wave of cyberattacks from Russian state-sponsored groups in retaliation for economic sanctions imposed by the United States and its allies,” noted Karen Painter Randall, Partner and President. cybersecurity practice at the law firm of Connell Foley.
“It appears that Russian threat groups have been conducting reconnaissance against U.S. electricity and natural gas sites over the past several months,” Randall, a speaker at a recent NJBIZ cybersecurity panel, continued.
The combination of Russia’s stagnant advance in Ukraine – and the cascade of economic sanctions, such as the withdrawal of several major Russian banks from the SWIFT international financial system – could lead to tougher responses from the Kremlin, some have warned. cybersecurity analysts.
“Putin/Russia is becoming completely isolated economically and diplomatically”, tweeted Dmitry Alperovitch, a former Russian national and former chief technology officer of cybersecurity firm CrowdStrike. “The danger: Putin has very little to lose now. He is cornered. Can do anything against economic and cyber retaliation.
One possible target: the slew of online coworking products like Zoom and Microsoft Teams that businesses have relied on amid the pandemic, suggested Reza Curtmola, professor and faculty member of the Cybersecurity Research Center at the New Jersey Institute of Technology.
“Almost everything is connected on the Internet today,” he said. “We are not in a good state. I am sure that if a foreign power seriously wanted to cause harm, it would be able to.
For banks in New Jersey and the many financial institutions in New York and Philadelphia that use New Jersey’s infrastructure, it’s possible that a cyberattack could have major fallout in the Garden State as well.
“I say [financial institutions] stress test for cyberattacks, but I think they stress [test] for more rogue actors,” said Michael Affuso, executive vice president and director of government relations at the New Jersey Bankers Association. “I don’t necessarily think a rogue actor has the available infrastructure that a nation-state would have.”