Yesterday, the U.S. Department of Homeland Security (DHS) hosted an unclassified, virtual awareness briefing in its NCCIC Awareness Briefing series, titled, Russian Activity Against Critical Infrastructure. The briefing followed up on activity regarding the joint Technical Alert (TA18-074A), Russian Government Cyber Activity Targeting Energy and Other Critical Infrastructure Sectors. Key highlights from the briefing include DHS’ confirmation that Russian Government Actors do currently have access to our critical infrastructure systems, including the ability to create a physical consequence such as a blackout, but they have not pushed any buttons yet. DHS experts offered no speculation at this time as to why Russian actors have not acted, other than they are still gathering valuable information. Additionally, DHS emphasized the campaign (reportedly commencing in 2016) began with a spear phish and subsequent compromise of access from a single supply chain vendor that enabled further compromises across other sector organizations. Members are encouraged to attend future briefings of this webinar for greater details and understanding of this current, on-going threat.