On January 28, 2026, the Federal Bureau of Investigation (FBI) announced the launch of Operation Winter SHIELD, a coordinated initiative designed to promote adoption of core defensive measures that are shown to mitigate common intrusion vectors. Operation Winter SHIELD identifies ten priority actions the FBI views as important in improving organizational cyber resilience. The FBI also stated that these are controls that organizations can take “right now, to defend against cyberattacks.” These recommendations track closely with themes observed across recent federal cybersecurity advisories:
- Adopt phish‑resistant authentication — Transition from legacy authentication methods, including SMS‑based MFA, to FIDO2‑compliant security keys or device‑bound passkeys, with administrators and executives prioritized for deployment.
- Implement a risk‑based vulnerability management program — Entities should maintain a complete asset inventory, perform authenticated internal scans, and set remediation timelines proportional to system criticality, documenting exceptions with compensating controls.
- Track and retire end‑of‑life (EOL) technology on a defined schedule — Maintain a rolling EOL forecast, ensure timely replacement or isolation of unsupported assets, and apply interim mitigations where immediate retirement is not feasible.
- Manage third‑party risk — Maintain a centralized register of vendors with network or data access, enforce least‑privilege access, mandate breach‑notification and control‑verification obligations contractually, and disable unused accounts.
- Protect security logs and preserve them for an appropriate time — Consolidate logs across key systems into secure, immutable storage with retention aligned to legal and incident‑response needs (commonly at least twelve months), and conduct regular visibility reviews.
- Maintain offline, immutable backups and test restoration — Given that adversaries frequently target backups early in attacks, retain offline, immutable copies and perform routine restoration testing.
- Reduce administrator privileges — Minimize privileged accounts and ensure elevated access is used only where operationally necessary.
- Identify, inventory, and protect internet‑facing systems and services — Maintain an accurate inventory of externally exposed assets, apply patches promptly, and implement appropriate monitoring.
- Strengthen email authentication and malicious content protections — Implement enhanced email authentication measures and robust content filtering to mitigate persistent phishing threats.
- Exercise the incident response plan with stakeholders — Conduct periodic incident response exercises to ensure operational readiness and coordinated action during cyber incidents.
Each week, the FBI will focus on one of these key defenses and connect it to real FBI cases. Brett Leatherman, Assistant Director of the FBI’s Cyber Division, said that these controls are not meant “to check boxes” but to “start the conversation” and help build security controls across the private sector. The campaign, which the FBI is promoting through its dedicated website as well as its LinkedIn and X.com accounts, will provide guidance derived from recent federal investigations and will spotlight critical defenses that organizations can implement to further secure their systems.
