Biden urges ‘immediately’ hardened cyber defenses, citing Russia
President Joe Biden released a statement on Monday doubling down on the potential for Russia to conduct malicious cyber activity against the United States.
The president noted that Russia could perpetrate attacks as a response to the United States’ economic sanctions on the country amidst its continued assault on Ukraine.
“It’s part of Russia’s playbook,” said Biden in the memo. “Today, my Administration is reiterating those warnings based on evolving intelligence that the Russian Government is exploring options for potential cyberattacks,” the memo continued.
WHY IT MATTERS
As Biden’s memo noted, the administration Congress have worked to shore up funding for cyber defense, particularly among critical infrastructure entities such as healthcare.
But, he said, the federal government can’t unilaterally protect everyone.
“Most of America’s critical infrastructure is owned operated by the private sector critical infrastructure owners operators must accelerate efforts to lock their digital doors,” said the memo.
“If you have not already done so, I urge our private sector partners to harden your cyber defenses immediately by implementing the best practices we have developed together over the last year,” Biden’s memo continued.
A fact sheet published alongside the warning outlined steps for companies to take, including mandatory multi-factor authentication, data backups encryption, employee education, system patches proactive engagement with local federal law enforcement offices.
More broadly, the administration encouraged tech software companies to build security into products from the ground up, to develop software on highly secure systems, to check for potential vulnerabilities using modern tools to be responsible for code used in products.
Companies should also “implement the security practices mandated in the President’s Executive Order, Improving our Nation’s Cybersecurity,” said the fact sheet.
“Pursuant to that EO, all software the U.S. government purchases is now required to meet security standards in how it is built deployed. We encourage you to follow those practices more broadly,” it continued.
THE LARGER TREND
President Biden’s memo followed a joint alert from the Federal Bureau of Investigation Cybersecurity Infrastructure Security Agency this past week about state-sponsored Russian actors exploiting default multi factor authentication protocols a known vulnerability.
CISA this past month also warned critical infrastructure entities to put “shields up” in response to potential Russian escalation, alongside a similar warning from the American Hospital Association.
Meanwhile, at HIMSS22 this past week, FBI special agents told attendees that organizations’ responses to cyber attacks should include plans to contact the agency.
“There is a certain point in the investigation where you might want to bring a partner onboard, you want to make sure you can get to the right people at the right time,” said Special Agent Harry Walker.
ON THE RECORD
“You have the power, the capacity, the responsibility to strengthen the cybersecurity resilience of the critical services technologies on which Americans rely,” said Biden in his memo. “We need everyone to do their part to meet one of the defining threats of our time – your vigilance urgency today can prevent or mitigate attacks tomorrow.”