Biden issues warning about Russian cyber attacks

US president Joe Biden has urged critical infrastructure owners and operators to “accelerate efforts to lock their digital doors” in warning over potential cyber attacks from Russia.

On 21 March 2022, Biden claimed in a statement that “evolving intelligence” showed the Russian government was “exploring options” for cyber attacks in response to the “unprecedented economic costs” imposed by the US and others following Vladimir Putin’s illegal invasion of Ukraine.

However, Biden noted that the federal government could not act alone as most of the US’ critical infrastructure is owned and operated by the private sector, and called on them to “do their part” to prevent and mitigate attacks.

“If you have not already done so, I urge our private sector partners to harden your cyber defenses immediately by implementing the best practices we have developed together over the last year,” he said. “You have the power, the capacity, and the responsibility to strengthen the cyber security and resilience of the critical services and technologies on which Americans rely.”

Biden added that his administration “will continue to use every tool to deter, disrupt and, if necessary, respond to cyber attacks against critical infrastructure”.

Biden previously warned on 24 February – the day Putin invaded Ukraine after weeks of rising tension – that the US is “prepared to respond” to cyber attacks on US companies and critical infrastructure.

Director of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), Jen Easterly, said that Biden’s statement reinforced the “urgent need” for organisations of all sizes to bolster their protections against malicious cyber activity.

“As the nation’s cyber defense agency, CISA has been actively working with critical infrastructure entities to rapidly share information and mitigation guidance that will help them protect their systems,” she said in her own statement.

“We will continue working closely with our federal and industry partners to monitor the threat environment 24/7, and we stand ready to help organisations respond to and recover from cyber attacks.”

Biden previously issued an Executive Order in May 2021 to modernise the US government’s cyber defences and improve public-private collaboration on cyber issues following incidents such as the attacks on Colonial Pipeline, Microsoft Exchange Server and SolarWinds.

The White House said at the time that IT providers were too often hesitant (or unable) to share information about compromises, often for contractual reasons, but also out of hesitance to embarrass themselves or their customers.

By enacting measures to change this, the administration added that it will be able to defend government bodies more effectively and improve the wider cyber security of the US.

Biden also signed an Executive Order in April 2021 sanctioning Russia in response to SolarWinds – which is formally attributed to the Russian state-backed APT29 (or Cosy Bear) – and other similar attacks.

More recently, BIden signed cyber security incident reporting mandates into law on 15 March 2022, making it a legal requirement for operators of critical national infrastructure (CNI) to disclose cyber attacks to the government.

Known as the Strengthening American Cybersecurity Act, the law requires CNI owners within the US to report substantial cyber attacks to the CISA within 72 hours, and any ransomware payments made within 24 hours.