3rd Party Risk Management , Business Continuity Management / Disaster Recovery , Critical Infrastructure Security
President Biden Touts Cybersecurity EffortsCites Need to Secure Privately Owned Critical Infrastructure, Signs Proclamation
As Cybersecurity Awareness Month kicks off this week, U.S. President Joe Biden has weighed in on his administration's efforts to curb cyberattacks and bolster the federal government's security posture.
See Also: Live Webinar | Breaking Down Security Challenges so Your Day Doesn’t Start at 3pm
In a statement issued Friday, Biden acknowledged that "cyber threats can affect every American, every business - regardless of size - and every community. That's why my administration is marshalling a whole-of-nation effort to confront cyber threats."
Biden says his administration remains committed to hardening critical infrastructure, disrupting ransomware networks and promoting "clear rules of the road for all nations in cyberspace."
Biden issued a cybersecurity executive order in May that aims to holistically modernize federal cybersecurity (see: Biden's Cybersecurity Executive Order: 4 Key Takeaways).
The executive order describes how government agencies should evaluate the software they buy and mandates that executive branch agencies deploy multifactor authentication, endpoint detection and response, and encryption. And it calls for these agencies to adopt "zero trust" architectures and more secure cloud services.
'Lead Rather Than Lag'
On Friday, Biden said the executive order will allow the U.S. government to "lead rather than lag" - in part by leveraging its substantial buying power for more secure software.
The president also cited a 100-day action plan to improve the cybersecurity of the electricity sector and indicated that the initiative has garnered support from more than 150 utilities serving 90 million Americans.
In August, Biden met with private sector and education leaders to discuss a national effort to address cybersecurity concerns. During the summit, several participants - including Apple, Google, IBM, Microsoft and Amazon, among others - announced security and workforce training commitments and initiatives (see: White House Tech Meeting: Focus on Critical Infrastructure).
As Biden noted Friday, in July the administration had issued a National Security Memorandum establishing voluntary cybersecurity goals that outline expectations for owners and operators of critical infrastructure.
"This month, the U.S. will [also] bring together 30 countries to accelerate our cooperation in combating cybercrime, improving law enforcement collaboration [and] stemming the illicit use of cryptocurrency," Biden said Friday. "We must lock our digital doors - by encrypting our data and using multifactor authentication, for example."
"This October, even as we recognize how much work remains to be done and that maintaining strong cybersecurity practices is ongoing work, I am confident that the advancements we have put in place during the first months of my administration will enable us to build back better."
Biden Signs Proclamation
Ahead of the monthlong awareness initiative, the president signed a proclamation declaring October as Cybersecurity Awareness Month and saying, in part, "[During the month], we recommit to doing our part to secure and protect our internet-connected devices, technology and networks from cyber threats at work, home, school and anywhere else we connect online."
Biden particularly called for heightened security of critical infrastructure, which he noted is majority owned by the private sector. "The security of our critical infrastructure depends on federal, state, local, tribal and territorial coordination with infrastructure owners and operators to achieve greater strength and security," he said.
Forced to contend with rising ransomware attacks targeting critical sectors including pipelines, meat suppliers and managed service providers, among others, the administration launched "StopRansomware.gov" offering resources to curb the attacks. Additionally, upon attributing the 2020 SolarWinds attack - in which nine federal agencies were reportedly breached by threat actors - to Russian operatives, the administration sanctioned the country, and Biden later met with President Vladimir Putin to discuss the growing, global threat of ransomware. Biden reportedly told Putin that if he did not act against cybercriminals operating within his borders, the U.S. reserved the right to do so (see: Analysis: The Cyber Impact of Biden/Putin Summit Meeting).
Cybersecurity policy within the administration is shaped by new Cybersecurity and Infrastructure Security Agency Director Jen Easterly, along with the nation's first national cyber director, Chris Inglis, and diplomatically by Deputy National Security Advisor for Cyber and Emerging Technology Anne Neuberger.
Further, last week, the Treasury Department, under Secretary Janet Yellen, sanctioned a Russia-based cryptocurrency exchange, Suex, for allegedly aiding ransomware-affiliated actors. It was the first such designation against a cryptocurrency operation (see: US Treasury Blacklists Russia-Based Crypto Exchange).