President Joe Biden today reiterated warnings that the Russian government could potentially conduct cyberattacks, including in response to imposed sanctions, and emphasized the private sector must step up to defend America’s critical infrastructure.
“From day one, my Administration has worked to strengthen our national cyber defenses, mandating extensive cybersecurity measures for the Federal Government and those critical infrastructure sectors where we have authority to do so, and creating innovative public-private partnerships and initiatives to enhance cybersecurity across all our critical infrastructure,” Biden said in a statement.
The federal government can’t defend against cyberthreats alone, Biden stated. The private sector, which owns and operates most of America’s critical infrastructure, “must accelerate efforts to lock their digital doors.”
“You have the power, the capacity, and the responsibility to strengthen the cybersecurity and resilience of the critical services and technologies on which Americans rely,” he said. “We need everyone to do their part to meet one of the defining threats of our time – your vigilance and urgency today can prevent or mitigate attacks tomorrow.”
Several cybersecurity experts and members of Congress have warned Russia may be holding its cyber capabilities in reserve, and the US should keep its shields up in case any attacks hit the private sector or critical infrastructure.
Adam Meyers, CrowdStrike’s senior vice president for intelligence, told Breaking Defense some of the company’s customers are concerned that they could face cyber retaliation from Russia after being “actively engaged” in sanctions against Russian finaicial institutions, businesses or individuals associated with the Kremlin.
“If you become involved in this either willingly or unwillingly, as a result of, let’s say, economic sanctions or other things, there could be blowback against you,” Meyers said in a March 1 interview. “In this world that we live in, cyber conflict is a real and present danger that our customers see everyday. And so when there’s geopolitical context, they have to assess and understand what does that mean for them, what risk is occurring for them, which threats do they need to be aware of?”
Sen. Mark Warner, D-Va., called for the private sector to ramp up investment in the cyber domain during a Center for Strategic and International Studies event on March 14, adding that he was “relatively amazed” the Russians haven’t already launched a cyber attack at the “level of maliciousness that their cyber arsenal includes.”
Warner pointed to an omnibus spending bill passed by Congress earlier this month that includes language requiring companies to report cybersecurity incidents to the Cybersecurity and Infrastructure Security Agency.
Such reports will “build a common understanding of how our adversaries are targeting U.S. networks and critical infrastructure,” CISA Director Jen Easterly said in a March 11 statement. “This information will fill critical information gaps and allow us to rapidly deploy resources and render assistance to victims suffering attacks, analyze incoming reporting across sectors to spot trends, and quickly share that information with network defenders to warn other potential victims.”
For more of the latest in litigation, regulation, deals and financial services trends, sign up for Finance Docket, a partnership between Breaking Media publications Above the Law and Dealbreaker.