President Joe Biden warned yesterday about new indications of possible Russian cyberattacks, pumping up the volume on weeks of growing concern about a possible Kremlin-ordered response to crushing sanctions over the invasion of Ukraine.
Biden reiterated those warnings, prompted by what he called "evolving intelligence that the Russian government is exploring options for potential cyberattacks.” He urged the the U.S. private sector: "Harden your cyber defense immediately.”
While the White House provided few details about the nature of the threat, the president’s message underscored the continuing threat in cyberspace for U.S. businesses and organizations. Cyberattacks have played a smaller role in Russia’s invasion of Ukraine than many experts predicted, supplanted by a grinding and bloody ground campaign. Anticipated retaliatory attacks against U.S. businesses and organizations apparently haven’t occurred in the wake of strict sanctions, at least not on a major scale.
Anne Neuberger, the deputy national security adviser for cyber and emerging technology, said in a briefing that "there is no certainty” of an attack on the U.S. but that Biden’s statement was a "call to action.”
"There are cyberattacks that occur every day,” she said, adding that Biden’s warning was intended to focus attention on "critical infrastructure.” She declined to specify which industries might be threatened.
Biden, in his statement, said "Critical infrastructure owners and operators must accelerate efforts to lock their digital doors.”
The president later stressed the danger to chief executives at a meeting of the Business Roundtable on Monday evening. "One of the tools he’s most likely to use, in my view and our view, is cyber, cyberattacks,” he said. "He has the capability. He hasn’t used it yet but it’s part of his playbook.”
And the National Security Agency, through a spokesperson, said that improving defenses against cyber threats now was crucial, and that the organization had publicly conveyed information about possible harmful operations with links to Russia.
The White House is limited in just how far it can protect critical infrastructure, which includes everything from dams and electric grids to water systems and food production. Much of it is operated by the private sector, regulatory oversight is patchy, and the level of cybersecurity preparedness varies greatly by industry and by company. Since a string of high-profile assaults last year -- including a ransomware attack on Colonial Pipeline Co. that snarled fuel supplies along the East Coast in May -- the Biden administration has pleaded with operators to bolster cyber defenses.
