Hawaii announces cybersecurity guidelines in wake of Russian aggression

HONOLULU (Eagle News) – The state’s Office of Homeland Security (OHS) released a set of cyber-related guidelines for residents on Thursday, March 3, in response to the ongoing conflict between Russia and Ukraine, and the impact it has on the United States.

“In the wake of continued geopolitical tensions and related cybersecurity attacks affecting Ukraine and other countries in the region, the State Office of Homeland Security has been working hand-in-hand with our partners to identify and rapidly share information about cybersecurity threats that could threaten the operations of critical infrastructure in Hawaii,” said OHS Administrator Frank Pace. “Our state, local, and private sector partners in the state, and our long-time local and nationally-based federal partners are all working together to help organizations reduce their cyber risk.”

Pace added, “While there is no specific, credible threat to Hawaii at this time, we encourage all organizations, regardless of size, to heed the [U.S.] Department of Homeland Security’s recommendations and adopt a heightened posture when it comes to cybersecurity and protecting their most critical assets.”

Protecting against cyberattacks

Below are the OHS’s recommendations in connection with cybersecurity:

  1. Reduce the likelihood of a damaging cyber intrusion by keeping your networks secure, ensuring software is up to date by prioritizing updates that address known exploited vulnerabilities identified by CISA, and confirming with IT that all non-essential ports and protocols have been disabled. If your organization uses cloud services, confirm that IT personnel have reviewed and implemented strong controls outlined in CISA’s guidance. Make sure to also sign up for CISA’s free cyber hygiene services.
  2. Take steps to quickly detect a potential intrusion by ensuring that cybersecurity/IT personnel are focused on identifying and assessing unusual behavior and confirming that your entire network is protected by antivirus/antimalware software with updated signatures.
  3. Ensure that the organization is prepared to respond if an intrusion occurs by designating a crisis-response team, assuring that key personnel will be available in response to an incident, and conducting a tabletop exercise to ensure that all crisis-response personnel understand their roles.
  4. Maximize the organization’s resilience to a destructive cyber incident by testing backup procedures to ensure that critical data can be rapidly restored, ensuring that backups are isolated from network connections, and conducting tests of manual controls to ensure that critical functions remain operable if the network is unavailable or untrusted.
  5. CISA urges cybersecurity/IT personnel at every organization to review Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure. CISA also recommends organizations to visit StopRansomware.gov, a centralized, whole-of-government webpage providing ransomware resources and alerts.
(File photo by Alfred Acenas, EBC Hawaii-Pacific Bureau, Eagle News Service)

Hawaii Congressman urges heightened preparedness, vigilance

(Official photo of U.S. Representative Ed Case of Hawaii’s First Congressional District. Photo courtesy of case.house.gov)

U.S. Congressman Ed Case of Hawaii also released a statement urging Hawaii state and county governments, businesses and residents to be vigilant against cyberattacks associated with Russia’s invasion of Ukraine.

“The bottom line is that we should fully expect and prepare for Russia and individuals and entities associated with Russia to engage in cyber warfare across the world, as they are already doing in Ukraine and have done in our country and elsewhere in the world and as we pursue our critical response through sanctions and other means,” said Case.

“This is just as true in Hawai’i as anywhere else in our country,” Case said. “For although we may be physically located on the other side of the world and far from the actual war, cyberattacks do not care about physical locations.”

Any incident or abnormal activity with a possible connection to cyberattacks may be reported through the Hawaii State Fusion Center at hsfc@hawaii.gov in addition to reporting to Cybersecurity Infrastructure Security Agency (CISA) at https://us-cert.cisa.gov/report, Central@cisa.dhs.gov, or 888-282-0870; and/or to the local FBI field office, or the FBI’s 24/7 CyWatch at 855-292-3937 or CyWatch@fbi.gov.

(With reports from Alfred Acenas, EBC Hawaii-Pacific Bureau, Eagle News Service)