Published on April 19th, 2022
A Year of Hacks and Cyberwar: How Biden Is Tackling Cybersecurity
When Joe Biden took office as president in January 2021, he faced a cybersecurity crisis. According to the U.S. Intelligence Community, the threat environment was “acute.” Foreign adversaries were using “cyber operations to steal information, influence populations, and damage industry, including physical and digital critical infrastructure.” More than a year later, the situation is still dire. The good news is that Biden’s team is on it.
Donald Trump’s behavior contributed to the crisis. After the Cybersecurity and Infrastructure Protection Agency (CISA) stated that the U.S. election of 2020 was “the most secure in American history,” Trump fired its first director, Chris Krebs—a man he had appointed—for refuting his wild and false claims of hacked voting machines. This followed Trump’s previous decisions to abolish high-level cyber positions at the White House and at the State Department.
The leadership vacuum could not have come at a worse time. In December 2020, the cybersecurity company FireEye disclosed that its networks had been affected by malware piggybacking on the popular Orion IT management software, a product of SolarWinds. Major companies and government agencies, including the Pentagon, Department of Homeland Security (DHS), and National Nuclear Security Administration, were affected, along with 18,000 other SolarWinds customers.
Biden began by assembling a strong team in top cyber positions: no mean feat in a field in which the private sector has so much to offer. On day one, he restored the National Security Council cyber job that Trump had unwisely eliminated and chose experienced National Security Agency (NSA) hand Anne Neuberger to fill it. Neuberger was made a deputy assistant to the president and deputy national security advisor, giving the post significantly more clout in the White House status hierarchy than it had enjoyed during the Obama years.
At DHS, Biden moved quickly to fill the void left by Trump’s firing of his CISA director by choosing Jen Easterly, a U.S. Army veteran who helped establish Cyber Command during the Obama years. Biden’s widely-praised choice would go on to be confirmed unanimously by the Senate. For the brand-new position of national cyber director in the White House—created by Congress in January—Biden chose Chris Inglis, who had served as the NSA deputy director during the George W. Bush and Barack Obama administrations.
Job one was addressing the SolarWinds hack. In April, National Security Adviser Jake Sullivan announced that a “mix of tools, seen and unseen” would be used against Russia. Biden imposed targeted sanctions for the “totally inappropriate” SolarWinds hack, just as news emerged of another major cyber espionage operation—this one by Chinese hackers targeting Microsoft Exchange servers.
In May, Biden issued an executive order that set forth new policies and mechanisms to improve information sharing and threat reporting, enhance software supply chain security, and establish a cyber safety review board. Most importantly, the order leverages the government’s purchasing power to spur the adoption of leap-ahead cybersecurity technologies, particularly in the emerging area of “zero trust”—a cybersecurity architecture that relies on protecting data inside a network, assuming that hackers have already penetrated it. “Incremental improvements will not give us the security we need,” the order stresses.
Biden faced more trouble in June, when a ransomware attack on Colonial Pipeline led to fuel shortages in the southeastern United States. In July, an even more massive ransomware attack affected customers of Kaseya, a provider of remote IT services, shutting down supermarkets in Sweden. These were only the highest profile in a spate of ransomware attacks, posing dilemmas for law enforcement and businesses about how to respond. The U.S. Justice Department, Ukrainian police and prosecutors, and other allies worked to identify the Ukrainian man behind the Kaseya attacks. He was arrested in Poland in November.
Meanwhile at CISA, Easterly was moving quickly to transform public-private collaboration from a buzzword with few results to true operational cooperation among technology companies, the government, and critical infrastructure. In August, CISA announced JC/DC—the Joint Cyber Defense Collaborative—which brings together Silicon Valley heavyweights, cybersecurity companies, and the NSA, FBI, and Cyber Command. Among its accomplishments, spurred by ongoing attacks that took advantage of a software vulnerability in code known as “Log4j,” has been to shorten the time between discovering attack information and creating public alerts and mitigations.
Russia’s massing of forces on the Ukrainian border in late 2021 and early 2022 raised the stakes for cybersecurity even further, as experts predicted a wave of digital attacks would precede any conventional assault. They were right. Even before Russia’s tanks rolled across its neighbor’s borders, the cyberattacks were coming fast and furious, freezing Ukrainian government computers and even briefly shutting down German wind turbines. Ukrainians showed as much skill and dedication in defending their digital networks as they did on the battlefield.
Biden’s team played its part. In the early hours of Russia’s invasion of Ukraine, Neuberger helped make sure information about Russian malware discovered by security researchers at Microsoft was quickly shared in time to mitigate its impact.
Congress has also stepped up. On March 15, Biden signed legislation requiring companies that operate critical infrastructure to report significant cyberattacks to CISA, with tight deadlines of twenty-four hours for ransomware payments and seventy-two hours for other cyber incidents. The law will give the government more visibility into cyberattacks because the FBI estimates that only a quarter of such incidents are reported voluntarily. It also represents a bureaucratic victory for CISA’s Easterly, strengthening her agency’s authority in the face of objections that the law sidelines the FBI. Congress continues to consider broader reforms to federal cybersecurity passed by the Senate.
As war rages in Ukraine, Vladimir Putin’s Russia will launch more cyberattacks, quite possibly targeting critical infrastructure in the United States. Biden’s team has amassed an impressive record of accomplishments over its first fifteen months, but there remains much work to do. One thing is sure: cyber threats will be “acute” for many years to come.
Timothy H. Edgar is a senior fellow at the Watson Institute at Brown University, teaches in its cybersecurity master’s program and is a lecturer at Harvard Law School. He served in the White House National Security Staff under President Barack Obama and is the author of Beyond Snowden: Privacy, Mass Surveillance and the Struggle to Reform the NSA.