The situation is fast evolving in the wake of Russia’s invasion of Ukraine, and SANS is working to continuously develop and share with our community valuable resources to help them navigate the heightened cyber threat during this escalating crisis. Please take a look through the below repository and check back regularly in the coming days, as more resources will be added and updated as they become available.
Upcoming webcasts & live streams
Prioritizing Critical Infrastructure Defense
Webcast - Scheduled for Friday, March 4 at 2:00pm EST (19:00 UTC)
Speakers: Paul Stockton, Robert M. Lee, Tim Conway
With ongoing military operations escalating in Ukraine on a daily basis, there are unique global considerations that Asset Owners and Operators within Critical Infrastructure sectors need to know. This webcast will address the current state of activity occurring globally and the specific relevance to Critical Infrastructure and Key Resources. The speakers will dive into the Industrial Control System specific actions that organizations can and need to take immediately. The speakers will also explore the resilience and incident response measures that organizations should consider in anticipation of possible attacks. Recognizing the uniqueness of these operational environments and understanding the full scope of what can be pursued with cybersecurity programs, the speakers will provide a prioritized list of top 5 critical controls for OT environments.
Register to Attend and View the Recording
Past webcasts & streams - accessible on demand
Urgent Webcast: Russian Cyber Attack Escalation in Ukraine – What You Need to Know!
Aired Friday, February 25 at 12:00pm EST
Every organization is at risk from cyber threats from Russia, warned governments and intelligence agencies from around the world. This warning comes in response to the escalation of Russia’s invasion of Ukraine, which includes boots-on-the-ground tactics as well as cyber attacks.
Russian cyber operations have targeted Ukraine with destabilization efforts for years, by way of infrastructure attacks, influence operations, website defacement, and attacks on Ukrainian banks and military networks.
All organizations find themselves potential targets for cyber attacks as Russia responds to sanctions imposed on Russia for violating international law. According to the governments and intelligence agencies from around the world, “Russia maintains a range of offensive cyber tools that it could employ against global networks—from low-level denials-of-service to destructive attacks targeting critical infrastructure.”
Given all the fast-moving pieces involved, what exactly is the threat from Russia?
In this urgent webcast, top cybersecurity experts Tim Conway, Kevin Holvoet, Rob Lee, and Jake Williams will give an overview of current Russian Threat Actor capabilities, discuss critical infrastructure attacks on Ukraine, and possible escalation spillover into the other parts of the world. Join us to get the answers to the key questions surrounding this conflict.
Register to Attend and View the Recording
Go Here to Download Webcast Slides >>
Note: This webcast has been translated into four additional languages. Access them below:
Defenders: What to do NOW if expecting nation state attackers
Live Stream - Aired Wednesday, March 2 at 1:30pm EST
Many orgs didn’t realize it, but they’ve always been the potential target of state-sponsored attacks. Recent geopolitical events have brought this into the forefront. You can mount effective defenses against the strongest of attackers. You can win as a defender in infosec. In this webcast Mick Douglas and Jon Gorenflo will show you how… with a focused and prioritized battleplan. Even better, most of this will be done with existing components you already have.
See associated PDF >>
Additional Resources
PDF - Six Defensive Techniques to Make Your Attackers Cry: Russia and Ukraine Cyber Crisis
In this paper, there are six incredibly effective defensive techniques. They will work for organizations of all sizes. The goal of these controls isn’t just to stop attackers, but rather to create a positive feedback loop. If you follow these steps, you will reduce your noise, which allows you to do more meaningful work, which reduces the noise further, and so on! If you’ve ever felt trapped on an IT/cybersecurity treadmill, this is your escape plan. This is a blueprint for victory as a defender.
Internet Storm Center Diary - The More Often Something is Repeated, the More True It Becomes: Dealing with Social Media
Johannes B. Ullrich, Ph.D. , Dean of Research, SANS.edu, writes about recognizing fake social media posts.When we think about "Cyberwar," we often think about power stations blowing up and satellites deorbiting. So far, we have not seen much of this regarding the war in Ukraine. But as Russian troops close in on Kyiv, a "Cyberwar" plays out on social media and has a substantial impact. It can be argued that public opinion and aid for the government in Kyiv are shaped by social media posts of brave Ukrainians resisting insurmountable odds.
CISO Action Items – Ukraine Cyber Crisis
From Joe Sullivan, SANS Certified Instructor Candidate
This PDF is a list of CISO action items of consideration for security leaders that may be directly affected by the crisis in the Ukraine, or in a multi-national organization that depends on Ukrainian resources. The tool can be used as a framework for determining reliable news sources, business analysis, security operation analysis, and then reporting to the executives and board members about the state of security in the context of this crisis.
Security Communications Template
From Lance Spitzner, SANS Senior Instructor
A tremendous number of organizations have been asking us what they should be communicating to their workforce during these unprecedented times. SANS is providing a communications template you can use to communicate to your entire workforce about the key steps people can take to help protect themselves both at home and at work.
