CISA Raises Shields Up Guidance — February 24, 2022
CISA activated its Shields Up campaign after Russia's invasion of Ukraine, urging all U.S. organizations to adopt heightened monitoring, multifactor authentication, and incident response readiness.
Executive briefing: The Cybersecurity and Infrastructure Security Agency (CISA) elevated its Shields Up posture in response to Russia’s invasion of Ukraine. Director Jen Easterly warned that destructive attacks seen in Ukraine could spill over into U.S. networks and called on every organization—regardless of size—to adopt heightened monitoring, multi-factor authentication, and rapid response practices.
Key actions from CISA
- 24/7 monitoring. Organizations should enable heightened log collection, review threat hunting workflows, and be prepared to surge analyst coverage around the clock.
- Access hardening. CISA stressed enforcing multi-factor authentication across all remote access, privileged accounts, and third-party integrations to blunt credential theft campaigns.
- Incident readiness. The agency asked leaders to validate incident response plans, run tabletop exercises, and ensure rapid escalation paths to CISA and the FBI.
Control alignment guidance
- NIST CSF PR.AC. Confirm multi-factor authentication coverage for privileged identities, contractors, and suppliers handling operational technology.
- NIST CSF DE.CM. Increase telemetry centralisation and threat hunting frequency to spot destructive wiper activity and lateral movement quickly.
- NIST CSF RS.CO. Update notification trees and communication templates so legal, executive, and sector risk partners can notify regulators and CISA within hours.
Operational recommendations
- Share the Shields Up checklist with business unit leaders and require written confirmation that the actions have been executed.
- Pre-stage gold images and verified backups to restore critical systems if destructive malware impacts production infrastructure.
- Coordinate with managed security service providers on surge support and escalation hand-offs if anomalous activity is detected.
Zeph Tech is incorporating the Shields Up actions into joint tabletop exercises with clients that operate in critical infrastructure, healthcare, and financial services.