E-Paper
Biden warns US companies of potential Russian cyberattacks
Biden said that Putin had the capability to conduct malicious cyberattacks but hadn’t used it yet as its military struggles in Ukraine
US President Joe Biden on Monday warned that Russia is weighing a cyberattack against the US, as its military struggles in Ukraine, and urged American companies, particularly those operating in critical infrastructure, to boost their cyber-defence capabilities.
Speaking at a business roundtable, soon after his administration issued a set of suggestions to companies about steps they needed to take in the cyber domain, Biden said that Putin had the capability to conduct malicious cyberattacks but hadn’t used it yet.
“My administration has issued renewed warnings that, based on evolving intelligence, Russia may be planning a cyberattack against us. And as I’ve said, the magnitude of Russia’s cyber capacity is fairly consequential, and it’s coming,” he said, adding that Russia was contemplating these measures in response to the economic costs imposed on it by the US and its allies in the aftermath of the invasion of Ukraine.
The US president told top American companies it was their “patriotic obligation” to invest as much as possible to build up their “technological capacity” to deal with cyber cyberattacks.
“First, to protect your own companies; second, as providers of critical services that Americans rely on, from power to clean water; and finally, [the] role you can play in helping secure every American and every American’s privacy,” Biden said.
His warning was in line with the administration’s strategy to release intelligence as a method to both warn the world about possible Russian actions, and pre-empt them.
In a briefing on Monday, deputy national security adviser for cyber and emerging technologies Anne Neuberger said that federal agencies had, in a classified briefing, spoken to over 100 companies last week to discuss the threat of cyberattacks and advise them on steps they needed to take.
But, she clarified, “there is no certainty there will be a cyber incident on critical infrastructure”.
“This is a call to action and a call to responsibility for all of us,” she said.
A majority of America’s critical infrastructure facilities are operated by the private sector, and the administration said it was their responsibility to “harden the systems and networks” that all citizens relied on. When asked about the basis of the warning, Neuberger said that the US had noted “preparatory activity”.
“This could mean scanning websites, it could be hunting for vulnerabilities,” she said.
“The most troubling piece is we continue to see known vulnerabilities, for which we have patches available, used by even sophisticated cyber actors to compromise American companies. And that makes it far easier for attackers than it needs to be,” Neuberger added.
“What we are asking for is: Lock your digital doors. Make it harder for attackers. Make them do more work.”
In a separate factsheet, the White House laid out a set of specific measures that companies should take “with urgency”. These included mandating the use of multi-factor authentication, deploying modern security tools on computers and networks, ensuring that systems were patched against known vulnerabilities, changing passwords, backing up data, running emergency drills, data encryption to prevent theft, and educating employees on tactics that attackers could use over email and reporting of unusual activity.
