Invasion of Ukraine: Raised Cyber Threat

JCSC has been closely monitoring recent developments in Ukraine, including a series of cyber attacks in January and February 2022. These attacks have included both Distributed Denial of Service (DDoS) attacks and malware designed to render information systems inoperable. Several of these attacks have been attributed by UK and US authorities to Russia’s Main Intelligence Directorate (known as GRU).

At the moment, there is no evidence of a specific threat to Jersey organisations. However, there has been an historical pattern of cyber attacks on Ukraine with international consequences, so we are advising local organisations to prepare for an increase in malicious cyber activity. Similar warnings have been issued by other national cyber authorities including NCSC (UK) and CISA (USA).

Such attacks are likely to be followed by an increase in criminal or hacktivist (cyber activist) led cyber attacks. We are currently tracking follow-on cyber activity targeted primarily at government bodies, financial services, critical infrastructure and their direct supply chains.

The situation is increasingly unpredictable and this raised threat level is likely to persist.

We would encourage any Jersey-based organisations operating in the financial services, government and public services, professional services and critical infrastructure sectors to take the following immediate steps to minimise the risk of a successful cyber attack.

This advice is also appropriate for organisations outside these sectors, because cyber attacks can be indiscriminate.

Awareness and Alerting

  • Register for NCSC’s Early Warning Service. We have confirmed that NCSC will make this service available to all Jersey-based organisations. This provides alerts when intelligence suggests your network or systems may be compromised.
  • Register for NCSC’s Cyber Information Sharing Portal (CiSP) Channel Islands Node to receive and share intelligence on potential or actual attacks. This is a paid service, but we will sponsor applications for CiSP from Jersey-based organisations: just email hello@jcsc.je to request sponsorship.
  • Register for updates from JCSC via our newsletter or social media channels so we can inform you quickly if the situation develops.
  • Report any unusual cyber activity via CiSP Channel Islands Node or via email to incidentreports@jcsc.je.

Operation of Critical Cyber Security Controls

  • Make sure that your organisation follows good cyber hygiene practices consistently. Your internal controls should be assessed against a recognised framework such as Cyber Essentials Plus, NIST CSF, NCSC’s Common Assurance Framework or ISO 27001:2022.
  • Follow guidance from NCSC on actions to take when the threat level is heightened.
  • Make sure that patching is up to date on all systems including device firmware, with a particular focus on core IT infrastructure and externally facing systems.
  • Make sure that externally-facing services (such as websites) are protected from Distributed Denial of Service (DDoS) attacks. You can do this, for example, by implementing cloud-based DDoS protection services.
  • Implement 2-step verification (2SV) for all accounts and add additional controls to secure accounts that have more privileges.
  • Ensure that employees are aware of good cyber hygiene practices, including use of 2SV for personal accounts.

Incident Readiness & Response Planning

  • Ensure cyber incident response plans are reviewed and tested on a regular basis.
  • Ensure backup data is effectively segregated and undertake test restores on a regular basis.

 


Watch: Five cyber lessons to learn from Ukraine

Marcus Willett CB OBE explains what we can learn from Russia’s war against Ukraine.