By Chetrice Mosley-Romero

Are we in the 1980s or the 2020s? “Top Gun” is in the movie theaters (and Tom Cruise is STILL doing his own stunts). Kate Bush’s “Running Up That Hill” is playing on the radio. And, unfortunately, some nations **cough, cough, Russia, and China** are still up to no good.

Many of you are probably unaware that this week is Captive Nations Week. It was established by Congress at the start of the Cold War and it is a call for liberty and opportunity for the oppressed people of authoritarian governments.

Not only that, it’s a reaffirmation of the importance of maintaining and protecting democratic principles. Coincidentally (or not), among the nations who are criticized under Captive Nations Week, are China and Russia, who are also nation state actors who  engage in cyberattacks that target democratic nations.

So what are they doing?

According to US Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) China targets have been critical infrastructure such as health care, energy, the defense industrial base, and government facilities. For more information, read CISA's "China's Cyber Threat Overview and Advisories".

And Russia is no better. CISA reports that “the Russian government engages in malicious cyber activities to enable broad-scope cyber espionage, to suppress certain social and political activity, to steal intellectual property, and to harm regional and international adversaries.” For more information, read CISA’s  overview of Russia’s Cyber threat. In addition to the continued attacks on democracies, including the terrible war in Ukraine, Russia has openly used misinformation and dis-information to try and influence the outcome of our elections. During the last presidential election, a report from the United States National Intelligence Council found that Russian President Putin had authorized influence operations spreading disinformation that harmed President Biden’s candidacy and the Democratic party which, in turn, “undermined public confidence in the electoral process.”

If you’re an organization in critical infrastructure that is prone to be targeted by Nation-State attacks, here are 4 ways to defend yourself.

1. Avoid acquiring technology from companies based in nations that pose a threat. You can also request vendors to provide evidence about the security process used to create the application or hardware.
2. Isolate internal networks from the Internet. The safest way to protect data is to remove internal systems from the Internet.
3. Share cyber threat information with other organizations. This can enhance situational awareness and help mitigate attacks to other organizations.
4. Enhance employee cybersecurity awareness programs, including educating everyone in your organization to help increase their knowledge of best practices related to the company’s IT security.

It is also important to help prevent disinformation from spreading. If you see crazy claims on the internet that are hard to believe, it probably is. Make sure you stop and think before sharing it with others. You should also fact check any claims with credible sources such as local, state, or the federal government.

The tools of oppression have evolved alongside technological advancements. Authoritarian governments now have more tools to exert control over their populations, as well as undermine democracies abroad.

Thankfully, there are a wide range of cybersecurity resources – including CISA’s “Shields Up” website page and, here in Indiana, you can visit the Indiana Cyber Hub for all kinds of helpful information, including  best practices, resources and tips that you can use at home, at work or at school.

Ensuring the strength of our democratic institutions is at the heart of recognizing the significance of Captive Nations Week and what we learn from it will help in contributing to a culture of cybersecurity for all of us.