Biden: Russia exploring cyber attacks against US
President Joe Biden's warning of potential Russian attacks against U.S. critical infrastructure is the latest call to action for the private sector to fortify its cyberdefenses.
Russia is "exploring options" for potential cyber attacks against U.S. critical infrastructure, according to intelligence shared by President Joe Biden and the White House.
The information came via a statement from Biden on Monday afternoon, followed by a fact sheet and press briefing that contained additional information. These new warnings, which Biden said were based on "evolving intelligence," follow previous urging by the federal government to strengthen cyberdefenses as Russia's invasion of Ukraine rages on.
Additional information came in a press briefing that accompanied the president's statement. Deputy National Security Advisor Anne Neuberger said that Russia was "exploring options for potential cyber attacks on critical infrastructure in the United States," but that there was "no certainty" there will be one. Instead, she referred to the new information as a call to action for private and public sector organizations to fortify themselves.
During the Q&A portion of the briefing, Neuberger added that there was no intelligence of a specific threat from Russia -- only "fragmentary pieces of information" about Russian cyberactivity.
"There is no evidence of any specific cyber attack that we're anticipating for," she said. "There is some preparatory activity that we're seeing, and that is what we shared in a classified context with companies who we thought might be affected. And then we're lifting up a broader awareness here in this warning."
Neuberger did not specify which critical infrastructure was most at risk, nor did she specify what kind of activity the government has observed. However, she did say "preparatory activity" could include hunting for vulnerabilities, as an example.
In a statement, Cybersecurity and Infrastructure Security Agency Director Jen Easterly said the call to action "reinforces the urgent need for all organizations, large and small, to act now to protect themselves against malicious cyber activity."
"As the nation's cyber defense agency, CISA has been actively working with critical infrastructure entities to rapidly share information and mitigation guidance that will help them protect their systems," she said. "We will continue working closely with our federal and industry partners to monitor the threat environment 24/7 and we stand ready to help organizations respond to and recover from cyberattacks."
In a fact sheet, the White House recommended organizations mandate the use of multifactor authentication, ensure systems are patched and educate employees on common tactics used by cybercriminals.
"If you have not already done so, I urge our private sector partners to harden your cyber defenses immediately by implementing the best practices we have developed together over the last year," Biden said in his statement. "You have the power, the capacity and the responsibility to strengthen the cybersecurity and resilience of the critical services and technologies on which Americans rely. We need everyone to do their part to meet one of the defining threats of our time -- your vigilance and urgency today can prevent or mitigate attacks tomorrow."
The White House did not respond to SearchSecurity's request for comment.
Alexander Culafi is a writer, journalist and podcaster based in Boston.