DENVER — As the state established its own sanctions on Russia in response to the military action in Ukraine, Colorado also announced it would put a tighter focus on cybersecurity.
We take a look at what might be threatened in Colorado.
From the federal government
On its website, the Cybersecurity and Infrastructure Security Agency (CISA) explains that cyberattacks, even in Ukraine, may impact the United States. And while there isn't a direct threat to American infrastructure now, agencies need to be prepared:
While there are no specific or credible cyber threats to the U.S. homeland at this time, we are mindful of the potential for Russia’s destabilizing actions to impact organizations both within and beyond the region, particularly in the wake of sanctions imposed by the United States and our Allies. Every organization—large and small—must be prepared to respond to disruptive cyber activity.
President Joe Biden said this week that the American government is prepared to respond to cyberattacks from the Russian government if necessary.
"If Russia pursues cyberattacks against our companies, our critical infrastructure, we are prepared to respond," he said. "For months, we have been working closely with our private — with the private sector to harden their cyber defenses, sharpen our ability to respond to Russian cyberattacks, as well."
NBC News even reported Biden has "menu of options for the U.S. to carry out massive cyberattacks designed to disrupt Russia’s ability to sustain its military operations in Ukraine."
But the concerns are not just on the national and international levels. Colorado leaders are getting messages from the federal government asking for extra vigilance when it comes to cybersecurity.
"[The federal government] issued a shields-up order to all organizations around the country to be extra vigilant," Tony Neal-Graves, the chief information officer and executive director for the Colorado Office of Information Technology, said.
The most recent "shields-up" message asked organizations to plan for the worst when it comes to cyberattacks after the Russia attack on Ukraine, accompanied by cyberattacks on the Ukrainian government and infrastructure.
The concerns
The federal government said in the wake of sanctions imposed by the United States and allies, organizations need to be prepared for the possibility of "disruptive cyber activity." Cybersecurity is an ongoing concern, and it's being emphasized in Colorado now for a couple of reasons.
"There is no such thing as a world away," said Professor Steve Beaty at Metropolitan State University of Denver. "The world is so interconnected, Russia and every other country on the planet is right next door, from a cyber point of view."
Beaty said the things we rely on day-to-day are the very things that need extra protection right now, including electricity grid, natural gas, transportation and our banks.
"At a state level, we have a lot of citizen information we have to protect," said Neal Graves, who added if a system is hacked and control taken out, it takes down the physical network, as well.
What's being done
At a state level, there is a constant conversation about cybersecurity with critical infrastructure like that run by the Regional Transportation District and Denver International Airport (DIA).
Agencies will not give specific information about what is done to shore up security practices, but a spokeswoman with DIA, or DEN as it's officially known, said:
"DEN partners with federal, state, and local government partners, as well other aviation sector entities, to share intelligence information regarding cybersecurity threats to the region, government entities, and the aviation sector. This strengthens the preparedness and mitigation capabilities in response to new threats and enhances the ability of the aviation sector to prevent and respond to potential cyber-attacks.
Based on the intelligence information we receive from these partnerships, DEN is continually reviewing and adjusting our cybersecurity posture in attempt to prevent and detect malicious behavior from any number of threat actors pursuing disruption through cybersecurity methods. A majority of those efforts are currently focused on, but not limited to, Russian threats."
Neals-Graves also said Colorado will double-down on monitoring around the clock for state agencies.
In the private sector, Beaty said companies are also taking their own measures to watch their cybersecurity. CISA also offers a list of tips and resources companies could turn to, as needed.
The state is asking individuals to pay attention to cybersecurity, as well. Being vigilant could be as simple as updating passwords or using two-factor authentication to login to accounts.
Connections to the region
There is a big connection between the U.S. and this region. Beaty said Ukraine is a big tech hub with people working for American companies there.
When cybersecurity is a concern, one of the fastest things these companies can do is go offline. The professor said that means some companies are shutting off internal communications with their employees and trying other channels to make sure their colleagues are OK.
This goes way coworkers and cybersecurity concerns. Attacks can complicate families trying to reach their loves ones, as well.
One humanitarian group 9NEWS spoke to is currently figuring out if they can help families in Ukraine, but that can be complicated.
They have to be completely sure information shared with families trying to evacuate is accurate, because bad information is circulating. Additionally, they have to take cybersecurity into account because Russia is technologically sophisticated, they want to ensure their information and data is secure. If hacked, the group said it can put people in danger.
We did not show or name the group in this story because of safety concerns.