The government and companies should “lock our digital doors” against a potential incoming cyber volley from Russia, and if the Kremlin “conducts disruptive cyberattacks against critical infrastructure, we will be prepared to respond,” Deputy National Security Advisor for Cyber and Emerging Technology Anne Neuberger said Monday.
President Biden said in a statement released by the White House on Monday that the private sector should “harden your cyber defenses immediately” while the federal government “will continue to use every tool to deter, disrupt, and if necessary, respond to cyberattacks against critical infrastructure.”
“I have previously warned about the potential that Russia could conduct malicious cyber activity against the United States, including as a response to the unprecedented economic costs we’ve imposed on Russia alongside our allies and partners,” Biden said. “It’s part of Russia’s playbook. Today, my Administration is reiterating those warnings based on evolving intelligence that the Russian government is exploring options for potential cyberattacks.”
A month before Russia invaded Ukraine, an intelligence brief from the Department of Homeland Security warned stakeholders that Russia “would consider” launching a cyber attack against the United States if the U.S. or NATO respond to Russia’s potential invasion of Ukraine in a way that the Kremlin perceives as threatening to Russian security.
The memo also noted that Russia’s threshold for directly launching a destructive attack against U.S. critical infrastructure with its cyber arsenal “probably remains very high” though Moscow “continues to target and gain access to critical infrastructure in the United States.” The brief from DHS’ Office of Intelligence & Analysis noted that, as Russia escalates its military posture at Ukraine’s border and Washington engages in diplomatic strategy, the assessment could evolve in the near future.
Neuberger said Monday at the White House press briefing that “there is no certainty there will be a cyber incident on critical infrastructure,” but the warning “is a call to action and a call to responsibility for all of us.”
“Our efforts together over the past year have helped drive much-needed and significant improvements. But there’s so much more we need to do to have the confidence that we’ve locked our digital doors, particularly for the critical services Americans rely on,” she said. “The majority of our critical infrastructure, as you know, is owned and operated by the private sector.”
“And those owners and operators have the ability and the responsibility to harden the systems and networks we all rely on. Notwithstanding these repeated warnings, we continue to see adversaries compromising systems that use known vulnerabilities for which there are patches,” Neuberger continued. “This is deeply troubling. So, we’re urging today companies to take the steps within your control to act immediately to protect the services millions of Americans rely on and to use the resources the federal government makes available.”
Neuberger told reporters that as soon as intelligence indicated last week that there could be a cyber attack the administration “hosted classified briefings with companies and sectors we felt would be most effective and provided very practical focused advice.”
“Every single day, there should be a call to action,” she stressed. “We’re using the opportunity of this evolving threat intelligence regarding potential cyberattacks against critical infrastructure to reiterate those with additional focus, specifically to critical infrastructure owners and operators to say you have the responsibility to take these steps to protect the critical services Americans rely on.”
Neuberger wouldn’t elaborate on which sector(s) may be under specific threat, but “even those sectors that we do not see any specific threat intelligence for, we truly want those sectors to double down and do the work that’s needed.”
“We believe the key entities who need to know have been provided classified briefings,” she added.
Homeland Security Secretary Alejandro Mayorkas said in a Monday statement that “as the Russian government explores options for potential cyberattacks against the United States, the Department of Homeland Security continues to work closely with our partners across every level of government, in the private sector, and with local communities to protect our country’s networks and critical infrastructure from malicious cyber activity.”
Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly said that “evolving intelligence that the Russian government is exploring options to conduct potential cyberattacks against the United States reinforces the urgent need for all organizations, large and small, to act now to protect themselves against malicious cyber activity.”
“As the nation’s cyber defense agency, CISA has been actively working with critical infrastructure entities to rapidly share information and mitigation guidance that will help them protect their systems. We will continue working closely with our federal and industry partners to monitor the threat environment 24/7 and we stand ready to help organizations respond to and recover from cyberattacks,” she added. “Organizations can visit CISA.gov/Shields-Up for information on how to protect their networks and should report anomalous cyber activity and/or cyber incidents to firstname.lastname@example.org or (888) 282-0870, or an FBI field office. When cyber incidents are reported quickly, it can contribute to stopping further attacks.”