The Biden Administration promised to make cybersecurity a top priority and has already taken action less than a month after the inauguration. Along with naming several people with national security experience who have previously worked on cybersecurity issues, the administration has included more than $10 billion in cybersecurity and information technology funds as part of its $1.9 trillion COVID-19 recovery proposal, with the proposal describing the nation’s cybersecurity as a "crisis."
"We've elevated the status of cyber issues within our government," President Biden said in a major national security speech at the State Department on Feb. 4. "We're launching an urgent initiative to improve our capability, readiness and resilience in cyberspace."
One of the administration’s first steps is preparing an executive order to address “gaps” in the federal government’s network security to prevent future breaches like the massive SolarWinds attack, Anne Neuberger, the deputy national security adviser for cyber and emerging technology, said during the daily White House press briefing.
“We are working on close to about a dozen things, likely eight ... to be part of an upcoming executive action to address the gaps we’ve identified in our review of this incident,” Neuberger said.
The massive breach, which impacted nine federal agencies and compromised about 100 private sector companies, is believed to have “likely” been carried out by Russia. SolarWinds has said up to 18,000 of its customers were potentially breached.
“The scale of potential access far exceeded the number of known compromises,” Neuberger said. “Many of the private sector compromises are technology companies, including networks of companies whose products could be used to launch additional intrusions.”
Attack Response
The attack had been launched from “inside the United States,” and officials are working to expel the adversaries, secure federal networks, and evaluate response options, Neuberger said. The investigation to understand the scope of the attack may take “several months,” Neuberger said, noting that the attackers took months to plan and execute the compromise, and it would take investigators “some time to uncover this layer by layer.”
“The fix and the cleanup work is underway already,” Neuberger said, although there is still a risk that the attackers, who may still be lurking on government networks, could become disruptive and delete data. The attackers may have exploited technologies other than SolarWinds and created other backdoors into networks to carry out additional activities. The government will also need to focus on investing in securing federal networks, especially since many agencies have extremely outdated hardware and software that needs to be updated.
The National Security Council is coordinating the response with relevant federal agencies, lawmakers, and private sector companies with access to data to understand the scale and scope of compromise, Neuberger said. The administration is also working with allies around the world who have been similarly affected by Russian cyberattacks and espionage.
“[This] isn’t the only case of malicious cyber activity of likely Russian origin, either for us or for our allies and partners,” Neuberger said. “As we contemplate the future response options, we’re considering holistically what those activities were.”
Appointing Experts
The Biden Administration has appointed a slate of officials with cybersecurity expertise. Along with Neuberger, the former director of the National Security Agency’s Cybersecurity Directorate, there are four other experienced national security officials with cybersecurity experience on the National Security Council. They are Michael Sulmeyer, senior director for cyber; Elizabeth Sherwood-Randall, homeland security adviser; Russ Travers, deputy homeland security adviser; and Caitlin Durkovich, senior director for resilience and response at the NSC.
Biden is required under the recently enacted National Defense Authorization Act to open a cyber-focused office reporting to a national cyber director, who will coordinate the federal government’s cyber capabilities. Reuters reported that Jen Easterly, who led the United States Army’s first cyber operations unit, will likely be named cyber director (pending Senate confirmation).
Per CyberScoop, Robert Silvers, who served as the most senior official for cybersecurity policy under President Obama, will likely be nominated (pending Senate confirmation) to lead the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency. The administration has asked Congress for $690 million in additional funding for CISA.
Silvers is close with Secretary of Homeland Security Alejandro Mayorkas. Mayorkas also has cybersecurity experience, having worked on public-private threat sharing programs as the former deputy secretary of DHS during the Obama Administration. He was involved in negotiating the 2015 agreement with China forbidding intellectual property theft. “The cybersecurity of our nation [will be] one of my highest priorities,” he said during his Senate confirmation hearing.
Warning to Adversaries
The administration is also waiting for a full assessment of the SolarWinds attack and election interference by the intelligence agencies. Biden said he emphasized to Russian President Vladimir Putin that “the days of the United States rolling over in the face of aggressive actions interfering with our elections, cyberattacks, poisoning its citizens, are over.” “We will not hesitate to raise the cost on Russia and defend our vital interests and our people,” Biden said.
National security adviser Jake Sullivan has also said the United States would be “taking steps to hold Russia accountable for the range of malign activities undertaken,” including election interference and major hacks like the SolarWinds incident.
The US reserves the right to respond “at a time and in a manner of our own choosing to any cyberattack,” said White House Press Secretary Jen Psaki.
In terms of China, the administration has signalled that it would “push back” on China’s attacks on intellectual property. China has been accused of stealing cutting-edge technology from a wide range of U.S. companies and universities over the years.
There have been a number of malicious cyber activities from North Korea, and the threats will be included in an ongoing review of U.S. policy toward North Korea, said State Department spokesman Ned Price.
"North Korea poses a significant cyber threat to financial institutions, it remains a cyber espionage threat, it retains the ability to conduct disruptive cyber attacks," Price said, during a news briefing.