Biden puts cyber at center of his agenda

A series of disruptive cyberattacks targeting sectors from food to energy to technology has forced President Biden to put cybersecurity at the center of his agenda in his first six months in office.

Biden has focused on Russia and China as two nations that present major threats to America’s national and economic security, with cyber issues being prime areas of engagement with those countries as ransomware attacks on critical infrastructure become a constant headache.

The president is regularly briefed on cybersecurity, and the topic drew particular focus during Biden’s second Cabinet meeting since taking office, held Tuesday afternoon.

“We’ve been very clear to other nations as to what we expect in terms of their conduct,” Biden told reporters during the meeting.

Biden campaigned on a pledge to make cybersecurity a top priority as president and experts say that he’s thus far made good on that promise in his personnel choices, responses to attacks and with a sweeping executive order aimed at improving federal cybersecurity.

“The No. 1 thing is really making it a priority and kind of walking the walk,” said Chris Painter, who served as the State Department’s cyber coordinator under former Presidents Obama and Trump. “I think he’s followed through in a lot of different ways.”

Ransomware attacks and other cyberattacks have been on the rise for some time, and cybersecurity has vexed multiple administrations.

Under the Trump administration, the COVID-19 pandemic served as a catalyst for a spike in ransomware attacks and other cyber threats. Schools, government agencies, health care organizations and hospitals were among the vulnerable and overwhelmed groups targeted.

In recent months, the country’s cybersecurity outlook has at times been bleak, with foreign hackers carrying out a series of attacks compromising numerous U.S. government agencies and American companies.

These included the SolarWinds hack — carried out by Russian government-linked hackers — which compromised nine federal agencies and 100 private sector groups, along with vulnerabilities in Microsoft’s Exchange Server application exploited by Chinese-linked hackers to compromise thousands of businesses.

On the heels of the SolarWinds hack, the Biden administration quickly set about assessing the damage and formulating a response. Biden announced a raft of new sanctions on Russia in April over its malign behavior, including the SolarWinds breach and Moscow’s 2020 election interference.

Ransomware attacks in May on Colonial Pipeline, which provides almost half the East Coast’s fuel, and on JBS USA, a major meat producer, further served as wake-up calls for the country as to how cyberattacks can have serious, far-reaching and immediate implications. 

The Transportation Security Administration recently issued two security directives to strengthen pipeline cybersecurity following the Colonial attack.

“When Americans are lacking energy supplies because a major pipeline company had to shut down, this is now an urgent issue,” said Charles Kupchan, who served on former President Obama’s National Security Council.

“Cyberspace is now a top national security priority,” Kupchan said. “I think we’re still early in the game and there’s just a lot of work that needs to be done on a cyber code of conduct.”

The White House is engaging with state and local officials and private sector leaders. Earlier this year, the White House stood up two task forces known as “unified coordination groups” composed of public and private sector representatives to address the SolarWinds and Microsoft hacks.

“The Biden Administration is working around the clock to modernize Federal networks and improve the nation’s cybersecurity, including of critical infrastructure,” a White House official said. “The Federal Government cannot do this alone; we need a whole-of-nation effort including with the private sector and international effort.”

The attacks on Colonial and JBS — both of which were traced back to Russian cyber crime groups — were top of the agenda when Biden met with Russian President Vladimir Putin last month in Geneva and urged the Russian leader to hold cyber criminals operating in Russia accountable.

In the weeks since, a cyber crime group based in Russia conducted a widespread ransomware attack against a Florida-based software provider, Kaseya. Websites run by the hacker group, known as “REvil,” mysteriously went down last week. Biden administration officials have declined to specify whether the U.S. or Russia played a role in taking down the sites.

“We think that’s a very positive thing,” a senior administration official told reporters Sunday a senior administration official told reporters Sunday about the sites being taken down, adding the U.S. continues to hold Russia accountable for cyber criminal activities operating in its borders. “This is a group that has brought tremendous negative impact to victims around the world.”

This week, the U.S. and other nations attributed the global Microsoft Exchange server hack reported in March to Chinese government-linked hackers, publicly admonishing China but stopping short of taking other actions to penalize China.

Painter said it is important for the administration to treat the cyberattacks as part of the overall relationship with China and not take tools like sanctions off the table.

“It’s like the first move in a longer chess game,” he said.

The Biden administration took over from a previous administration under Trump which often seemed to deprioritize cybersecurity, including through the elimination of the White House cybersecurity coordinator position and scaling down the State Department’s Office of the Coordinator for Cyber Issues.

In a sign of Biden’s focus on cyber issues even before the recent stretch of attacks, the president at the start of his administration tapped Anne Neuberger, a National Security Agency (NSA) veteran, as the first deputy national security adviser for cyber and emerging technology.

A bill is currently making its way through Congress to elevate and reorganize the cyber office at the State Department, while the Senate last month unanimously confirmed former NSA Deputy Director Chris Inglis to serve as the nation’s first White House national cyber director.

The Senate also last week confirmed Jen Easterly to serve as director of the Cybersecurity and Infrastructure Security Agency (CISA). The agency had been without Senate-confirmed leadership since November, when Trump fired former CISA Director Chris Krebs for efforts to push back against election disinformation and misinformation.

“Recognizing the critical importance of cyber issues, the Biden Administration has staffed key cyber roles with enormously talented and experienced experts,” David Kris, former head of the Department of Justice’s National Security Division under the Obama administration, said in a statement provided to The Hill on Tuesday.

“Anne Neuberger, Chris Inglis, and Jen Easterly, all veterans of the National Security Agency, will individually and together make a huge contribution to advancing U.S. interests in this field,” said Kris, a founder of Culper Partners consulting firm.

While well-equipped, these officials will face challenges going forward. The administration will need to make tough decisions on how to respond to future state-sponsored hacks and how to better guard domestic critical infrastructure from attacks. That could mean wading further into tricky debates like establishing standards for critical infrastructure.

“There’s a lot to be seen,” Painter said. “How the U.S. reacts and responds, and how Russia and China react and respond, and how we deal with things like non-state-sponsored actors is going to be important.”