Biden has ‘range of options’ to respond to Russian cyberattacks

The White House said Wednesday that President Biden has a “range of options” that he can choose from to respond to new Russian-linked cyberattacks, but the president hasn’t yet decided whether to take action.

White House press secretary Jen Psaki told reporters aboard Air Force One Wednesday that Biden had not decided on a course of action for responding to the ransomware attack on software company Kaseya and other potential attacks last week, there would be more to come. 

“In terms of operational considerations, obviously it is not in our interest to preview those, or preview our punches as I like to say. The president has a range of options should he determine to take action,” Psaki said.

As of Wednesday afternoon, the Biden administration had yet to attribute the ransomware attack to any particular actor or country, though cybersecurity experts have linked it to the Russian-based “REvil” cyber criminal group. This is the same organization the FBI linked to the ransomware attack in May on JBS USA, the nation’s largest beef provider. 

Kaseya announced Tuesday that while the attack had been “limited,” it had hit dozens of the company’s customers, which provided services to up to 1,500 companies, many of which were small businesses. It is believed to be one of the largest ransomware attacks in history.

Biden and Vice President Harris huddled with administration officials Wednesday morning to discuss how to curb ransomware attacks before departing for a trip to Illinois to promote his economic agenda. Representatives from the Department of Homeland Security and the intelligence community were also present, according to comments Psaki made Tuesday. 

Asked by a reporter about his message to Vladimir Putin on cyber as he departed the White House, Biden responded: “I will deliver it to him.” 

Any action by the Biden administration to respond to the ransomware attack would undoubtedly come after the U.S. government attributes it to a specific actor or group of actors.    

Psaki said that the meeting Wednesday allowed officials to provide Biden with an “update on their ongoing work, surge capacity, resilience and reporting, addressing payment systems, and our ongoing efforts to combat ransomware.”

“What they did discuss is the fact that the president reserves the right to respond against any ransomware networks and those that harbor them. That continues to be his policy,” Psaki noted.

Biden is facing calls to push back on Russian aggression in cyberspace. The latest attacks suggest that Putin did not heed Biden’s warnings during their first summit in Geneva last month during which Biden said that certain forms of critical infrastructure should be off limits for cyberattacks. 

Biden also called on Putin to crack down on cyber criminals, like the Russian cybercrime group behind the Colonial Pipeline ransomware attack that triggered fuel shortages in May.

Since Biden took office, his administration has imposed sanctions on Russia for the massive SolarWinds cyberattack, the poisoning and jailing of opposition leader Alexei Navalny and Russian attempts to interfere in the 2020 election. However, the new activity suggests that the administration will need to do more to deter Russian aggression and raises questions about the effectiveness of sanctions that have already been leveled. 

Compounding concerns was a new attempted attack, first reported by Bloomberg News on Tuesday afternoon, by Russian government-linked hackers on the Republican National Committee (RNC).

The RNC put out a statement Tuesday denying that its data had been stolen, but acknowledging that Synnex, a third-party technology services provider, had been compromised last week. 

“Our team worked with Microsoft to conduct a review of our systems and after a thorough investigation, no RNC data was accessed,” RNC Chief of Staff Richard Walters said. “We will continue to work with Microsoft, as well as federal law enforcement officials on this matter.”

Psaki stressed Wednesday that the reporting on the RNC breach “got a little ahead of where the attribution is and where the actual administration is,” but acknowledged that both the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) were investigating the incident. 

“We are investigating. We will conclude the investigation and make an assessment,” Psaki said.

Asked later whether Russia was responsible for the attack, Biden said Wednesday evening that the FBI is “working with the RNC to determine the facts” and indicated he would know more on Thursday.

This story was updated at 6:16 p.m.