The FBI and the Cybersecurity and Infrastructure Security Agency have issued an updated advisory attributing the cyberattacks on satellite communication networks to Russian state-backed malicious cyber actors.

Russia initiated cyberattacks on commercial satcom networks in late February to cause disruption on Ukraine’s command and control in support of its invasion and such actions extended to other countries in Europe, CISA said Tuesday.

CISA is working with Joint Cyber Defense Collaborative and international partners to build up cybersecurity resilience and respond to malicious activity.

The FBI and CISA are urging private and public sectors to assess and implement guidance included in several cyber advisories, including the one issued in March.

Under the advisory titled Strengthening Cybersecurity of SATCOM Network Providers and Customers, the agencies are calling on satcom network providers to adopt secure methods for authentication, enforce principle of least privilege, implement encryption, monitor logs for suspicious activity and ensure robust patching and system configuration audits, among other measures.

The Information Technology Industry Council has called on the Securities and Exchange Commission to delay the implementation of its proposed cybersecurity rule to provide the SEC with enough time to deconflict its rule with the Cybersecurity and Infrastructure Security Agency’s rulemaking to implement the Cyber Incident Reporting for Critical Infrastructure Act of 2022.

ITI said Monday delaying the implementation could prevent the proposed rule from creating additional security risks.

In March, SEC solicited comments on proposed rules to improve and standardize disclosure by public companies regarding cybersecurity risk management, incident reporting, governance and strategy.

“While we understand the objectives of the rule are to improve investor awareness of cybersecurity-related factors, we are concerned that it may in fact serve to undermine cybersecurity if not appropriately calibrated,” ITI wrote in the comments to the proposed SEC rule.

“We encourage the SEC to delay implementation of the proposed rule until CISA has further implemented its own rulemaking pursuant to CIRCIA 2021, so as to have a more fulsome understanding of the cyber incident reporting landscape,” the organization added.

ITI also recommended that SEC avoid directing disclosure of incidents encountered by third-party vendors and include safe harbor provisions for national security, law enforcement and cybersecurity interests.

The National Institute of Standards and Technology has published a planning guide for federal administrators outlining an overview of how the NIST Risk Management Framework can be applied in implementing a zero trust architecture.

Scott Rose, a computer scientist within the wireless networks division at NIST’s Communications Technology Laboratory, detailed in the white paper risk management concepts for administrators and operators looking to deploy a zero trust infrastructure to safeguard their network assets against cyber threats, NIST said Friday.

Rose said the RMF lays out an approach that includes a set of steps and tasks integrated into enterprise risk analysis, planning, development and operations. These steps are grouped into seven actions: prepare, categorized, select, implement, assess, authorize and monitor.

“Administrators who normally do not perform the steps and tasks detailed in the RMF may find that they will need to become familiar with them as they migrate to a ZTA,” Rose said.

He noted that zero trust infrastructure implementation will depend on the workflow being analyzed and the resources used in performing that function.

“Zero trust is not a single technology solution, but a larger cybersecurity strategy and operational practice. A successful zero trust architecture requires the cooperation of cybersecurity planners, management, and administration/operations,” Rose added.